author | Philip Häusler <msquare@notrademark.de> | 2011-06-11 17:09:30 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2011-06-11 17:09:30 +0200 |
commit | 3a31cebd1d39a6bcec2c22cbced60ca9d6177a42 (patch) | |
tree | 3cce86da26c408841e69bdee4e2ba012e0c72e47 /includes | |
parent | ebecae2ccc37c8930245a562852c035d5ce8d5a1 (diff) | |
parent | 80a1a65aefcd2f33951dc60c72d29df1ad19b187 (diff) |
merge special_includes_camp
Diffstat (limited to 'includes')
59 files changed, 4413 insertions, 2283 deletions
diff --git a/includes/UserCVS.php b/includes/UserCVS.php
deleted file mode 100755
index 9210e446..00000000
--- a/includes/UserCVS.php
+++ /dev/null
@@ -1,102 +0,0 @@ -<?php - -if( !isset($_SESSION['UID'])) - $_SESSION['UID'] = -1; - -// CVS import Data -$SQL_CVS = "SELECT * FROM `UserCVS` WHERE UID=".$_SESSION['UID']; -$Erg_CVS = mysql_query($SQL_CVS, $con); -$_SESSION['CVS'] = mysql_fetch_array($Erg_CVS); - - -// Group import Data, if nesseary -if( isset( $_SESSION['CVS'][ "GroupID" ])) -{ - $SQL_GRP = "SELECT * FROM `UserCVS` WHERE UID=".$_SESSION['CVS'][ "GroupID" ]; - $Erg_GRP = mysql_query($SQL_GRP, $con); - $_SESSION['CVS_Group'] = mysql_fetch_array($Erg_GRP); - - foreach( $_SESSION['CVS'] as $k => $v) - { - if($v=="G") // Right == Group - $_SESSION['CVS'][$k] = $_SESSION['CVS_Group'][$k]; - } -} - -//pagename ermitteln -$Page["Name"] = substr( $_SERVER['PHP_SELF'], strlen($ENGEL_ROOT) ); - -//recht für diese seite auslesen -if( isset( $_SESSION['CVS'][ $Page["Name"] ])) - $Page["CVS"] = $_SESSION['CVS'][ $Page["Name"] ]; -else -{ - echo "SYSTEM ERROR: now right for ". $Page["Name"]. "exist"; - die; -} - -if( $DEBUG ) -{ -// foreach( $_SESSION as $k => $v) -// echo "$k = $v<br>\n"; - echo "<pre>\$_SESSION:\n"; - print_r($_SESSION); - echo "</pre>"; - - if( strlen($Page["CVS"]) == 0 ) - echo "<h1><u> CVS ERROR, on page '". $Page["Name"]. "'</u></h1>"; - else - echo "CVS: ". $Page["Name"]. " => '". $Page["CVS"]. "'<br>"; - -} - -function funktion_isLinkAllowed( $PageName) -{ - global $_SESSION; - - // separate page parameter - $ParameterPos = strpos( $PageName, ".php?"); - if( $ParameterPos === FALSE) - { - $pName = $PageName; - } - else - { - $pName = substr( $PageName, 0, $ParameterPos + 4); - } - - // check rights - if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) && - ($_SESSION['CVS'][ $pName ] == "Y") ) - { - return TRUE; - } - - return FALSE; -} - -function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText) -{ - global $url, $ENGEL_ROOT; - - if( funktion_isLinkAllowed( $PageName) === TRUE) - { - return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. 
"</a>"; - } - - return $LinkText; -} - -function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText) -{ - global $url, $ENGEL_ROOT; - - if( funktion_isLinkAllowed( $PageName) === TRUE) - { - return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>"; - } - - return ""; -} - -?> diff --git a/includes/config_MessegeServer.php b/includes/config_MessegeServer.php deleted file mode 100644 index 3454ae0c..00000000 --- a/includes/config_MessegeServer.php +++ /dev/null @@ -1,8 +0,0 @@ -<? -// Set the ip and port we will listen on -define( SERVER_ADDRESS, "127.0.0.1" ); -define( SERVER_PORT, 9000 ); - -define( DEBUG, TRUE); - -?> diff --git a/includes/config_modem.php b/includes/config_modem.php deleted file mode 100644 index 0625936d..00000000 --- a/includes/config_modem.php +++ /dev/null @@ -1,11 +0,0 @@ -<?PHP - -//ist ein modem angeschlossen -$ModemEnable = false; - -// COM port -$ModemDev="/dev/ttyS0"; - -// vorwahl, bei tnovis telefonanlage für das programmieren von weckrufen -$WackupNumber="**3"; -?> diff --git a/includes/crypt.php b/includes/crypt.php deleted file mode 100755 index 9707e719..00000000 --- a/includes/crypt.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php - - -function PassCrypt($passwort) { -include "config.php"; - -switch ($crypt_system) { - case "crypt": - return "{crypt}".crypt($passwort, "77"); - case "md5": - return md5($passwort); - } - -} - - - -?> diff --git a/includes/error_handler.php b/includes/error_handler.php index 10f27d58..42e561fc 100755..100644 --- a/includes/error_handler.php +++ b/includes/error_handler.php 
@@ -1,88 +1,86 @@ <?php - - require_once("funktion_jabber.php"); + require_once "funktion_jabber.php"; // global array for collected error_messages $error_messages = array(); // general error handler collecting all messages in an array - function Error_Handler($error_number, $error_string, $error_file, $error_line, $error_context) - { + function Error_Handler($error_number, $error_string, $error_file, $error_line, $error_context) { global $error_messages, $con; - //SQL error genauer analysiert + // SQL error genauer analysiert $Temp = ""; - foreach ($error_context as $k => $v ) - if( (strpos( "0$k", "sql") > 0) || (strpos( "0$k", "SQL") > 0)) - $Temp .= "Error Context: $k = $v\n"; - - if( (strpos( "0$error_string", "MySQL") > 0) ) - $Temp .= "Error MySQL: ". mysql_error($con). "\n"; - - //übergeben des arrays - array_push( $error_messages, "Error Number: $error_number\n". - "Error String: $error_string\n". - "Error File: $error_file\n". - "Error Line: $error_line\n". - (strlen($Temp)? "$Temp": "") - ); + foreach ($error_context as $k => $v) + if((strpos( "0$k", "sql") > 0) || (strpos( "0$k", "SQL") > 0)) + $Temp .= "Error Context: $k = $v\n"; + + if((strpos( "0$error_string", "MySQL") > 0)) + $Temp .= "Error MySQL: ". mysql_error($con). "\n"; + + // Uebergeben des arrays + array_push($error_messages, "Error Number: " . $error_number . "\n". + "Error String: " . $error_string . "\n". + "Error File: " . $error_file . "\n". + "Error Line: " . $error_line . "\n". + (strlen($Temp)? 
"$Temp": "")); } // register error handler set_error_handler("Error_Handler"); - ini_set( "error_reporting", E_ALL); - if( $DEBUG) - { - ini_set( "display_errors", "On"); - ini_set( "display_startup_errors", "On"); - ini_set( "html_errors", "On"); + error_reporting(E_ALL); + + if($debug) { + ini_set("display_errors", "On"); + ini_set("display_startup_errors", "On"); + ini_set("html_errors", "On"); } // send errors - function send_errors() - { + function send_errors() { global $error_messages; - if (!$error_messages) return; - + if(!$error_messages) + return; + $message = ""; foreach($error_messages as $value) $message .= $value."\n"; + $message .= "\n"; - - if( isset( $_POST)) - { - foreach ($_POST as $k => $v ) + + if(isset($_POST)) { + foreach ($_POST as $k => $v) $message .= "_POST: $k = ". ( $k!="password"? $v : "???..."). "\n"; + $message .= "\n"; } - - if( isset( $_GET)) - { - foreach ($_GET as $k => $v ) - $message .= "_GET: $k = $v\n"; + + if(isset($_GET)) { + foreach ($_GET as $k => $v) + $message .= "_GET: $k = $v\n"; + $message .= "\n"; } - + $message .= "\n\n"; if( isset( $_SESSION)) { - foreach ($_SESSION as $k => $v ) + foreach ($_SESSION as $k => $v ) $message .= "_SESSION: $k = $v\n"; $message .= "\n"; } if( isset( $_SESSION['CVS'])) { - foreach ($_SESSION['CVS'] as $k => $v ) + foreach ($_SESSION['CVS'] as $k => $v ) if( strlen($k)>3 ) $message .= "_SESSION['CVS']: $k = $v\n"; $message .= "\n"; } - - foreach ($_SERVER as $k => $v ) + + foreach ($_SERVER as $k => $v ) if( strpos( "0$k", "SERVER_")==0) $message .= "_SERVER: $k = $v\n"; @@ -102,7 +100,7 @@ function send_message(&$message) { chdir(dirname(__FILE__)); - require_once('./config_jabber.php'); + require_once('../config/config_jabber.php'); if (isset($jabber_recipient) && count($jabber_recipient)) { $jabber = new Jabber($server, $port, $username, $password, $resource); diff --git a/includes/footer.php b/includes/footer.php deleted file mode 100755 index f65e8a7e..00000000 
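Review bot: In send_errors() the only redaction is the exact-key test `$k!="password"` on `$_POST`; every other POST field, all of `$_GET`, the whole `$_SESSION` and the selected `$_SERVER` entries are copied into the outgoing message unmasked. The `$_SERVER` filter `strpos( "0$k", "SERVER_")==0` is also true when `strpos()` returns `false`, so it appears to select the keys that do not contain `SERVER_`, which would include request headers such as cookies. I would build the report from an allow-list of keys and make the comparison strict; if keys starting with `SERVER_` were intended, that is `if (strpos($k, "SERVER_") === 0)`. send_errors() continues past the end of this hunk, so the code that hands the message to the sender is not visible here.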
--- a/includes/footer.php +++ /dev/null @@ -1,57 +0,0 @@ -<?PHP - -?> - - - -<!-- anfang des footers //--> - - - - - <br> - <p align="center"> - <?PHP If (IsSet($_SESSION['oldurl'])) - echo "<a href=\"". $_SESSION["oldurl"]. "\">".Get_Text("back")."</a> "; - ?> - <a href="#top"><?PHP echo Get_Text("top"); ?></a> - </p> - </td> - </tr> -</table> - </td> - - - - -<!-- anfang des menue parts //--> -<?PHP -if( $_SESSION['Menu'] =="R") include("menu.php"); -?> - </td> - - - -<!-- ende des menue parts //--> - - - - </tr> - <tr> - <td colspan="2"> - <h5 align="center"> © copyleft - <a href="mailto:erzengel@lists.ccc.de">Kontakt</a> - <?PHP - include( "funktion_counter.php"); - include( "funktion_flag.php"); - ?></h5> - </td> - </tr> -</table> - -<!-- </div> --> -<?php mysql_close($con); ?> -</div> - - -</BODY> -</HTML> diff --git a/includes/funktion_SendMessenges.php b/includes/funktion_SendMessenges.php index d71e4804..b6de67cc 100644 --- a/includes/funktion_SendMessenges.php +++ b/includes/funktion_SendMessenges.php @@ -1,18 +1,14 @@ -<?php
-
-
-function SendData($Data)
-{
- include("config_MessegeServer.php");
- // Create a UDP socket
- $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
- //send packed
- socket_sendto($sock, $Data, 9999, 0x4, SERVER_ADDRESS, SERVER_PORT);
-}
-
-function SendMessageJabber($Adresse, $Nachricht)
-{
- SendData( "#message $Adresse $Nachricht");
-}
-
-?>
+<?php
+ function SendData($Data) {
+ include "config_MessegeServer.php";
+ // Create a UDP socket
+ $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
+
+ //send packed
+ socket_sendto($sock, $Data, 9999, 0x4, SERVER_ADDRESS, SERVER_PORT);
+ }
+
+ function SendMessageJabber($Adresse, $Nachricht) {
+ SendData( "#message $Adresse $Nachricht");
+ }
+?>
diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php
deleted file mode 100755
index d19895a8..00000000
--- a/includes/funktion_activeUser.php
+++ /dev/null 
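Review bot: `include "config_MessegeServer.php";` in SendData() points at a file that this same commit deletes from includes/, and funktion_modem.php keeps `include "config_modem.php";` for the other deleted config. Unless both files were moved to a location on the include path that this directory-limited diff does not show, `SERVER_ADDRESS` and `SERVER_PORT` are undefined when `socket_sendto()` runs. error_handler.php was switched to `require_once('../config/config_jabber.php')` in this commit; the same path change with `require_once` here would make a missing config fail loudly instead of sending to an undefined address. The return values of `socket_create()` and `socket_sendto()` are ignored as well, so a failed send is silent.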
@@ -1,59 +0,0 @@ -<?PHP - -// Functionen gibt es nicht auf ellen rechern -if( !function_exists("bcdiv")) -{ - function bcdiv( $param1, $param2) - { - return floor( $param1 / $param2); - } -} - -if( !function_exists("bcmod")) -{ - function bcmod( $param1, $param2) - { - return $param1 - ( $param2 * bcdiv( $param1, $param2)); - } -} - - -echo "<h4 class=\"menu\">Engel online</h4>"; - -$SQL = "SELECT UID, Nick, lastLogIn ". - "FROM User ". - "WHERE (`lastLogIn` > '". gmdate("YmdHis", time()-(60*60)). "' AND NOT (UID=". $_SESSION['UID']. ")) ". - "ORDER BY lastLogIn DESC;"; - -$Erg = mysql_query( $SQL, $con); - - -$Tist = (gmdate("d", time()) * 60 * 60 * 24) + // Tag - (gmdate("H", time()) * 60 * 60) + // Stunde - (gmdate("i", time()) * 60) + // Minute - (gmdate("s", time()) ); // Sekunde - -for( $i=0; $i<mysql_num_rows($Erg); $i++) -{ - echo "\t\t\t<li>"; - if( $_SESSION['UID']>0 ) - echo DisplayAvatar( mysql_result( $Erg, $i, "UID")); - // Schow Admin Page - echo funktion_isLinkAllowed_addLink_OrLinkText( - "admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal", - mysql_result( $Erg, $i, "Nick")); - - $Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag - (substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde - (substr( mysql_result( $Erg, $i, "lastLogIn"), 14, 2) * 60) + // Minute - (substr( mysql_result( $Erg, $i, "lastLogIn"), 17, 2) ); // Sekunde - - $Tlog = $Tist-$Tlog; - echo " ". bcdiv( $Tlog, 60). ":"; - if( strlen(bcmod( $Tlog, 60))==1) - echo "0"; - echo bcmod( $Tlog, 60); - echo "</li>\n"; -} - -?> diff --git a/includes/funktion_counter.php b/includes/funktion_counter.php deleted file mode 100644 index 70b104d4..00000000 --- a/includes/funktion_counter.php +++ /dev/null 
@@ -1,24 +0,0 @@ -<?PHP - -$SQL = "SELECT `Anz` FROM `Counter` WHERE `URL`=\"". $Page["Name"]. "\""; -$Erg = mysql_query($SQL, $con); - -echo mysql_error($con); - -if(mysql_num_rows($Erg)==0) -{ -// echo "Counter: 1"; - $SQL = "INSERT INTO `Counter` ( `URL` , `Anz` ) ". - "VALUES ('". $Page["Name"]. "', '1');"; - $Erg = mysql_query($SQL, $con); -} -elseif(mysql_num_rows($Erg)==1) -{ -// echo "Counter: ". (mysql_result($Erg, 0, 0)+1); - $SQL = "UPDATE `Counter` SET `Anz` = '". (mysql_result($Erg, 0, 0) +1). "' ". - "WHERE `URL` = '". $Page["Name"]. "' LIMIT 1 ;"; - $Erg = mysql_query($SQL, $con); -} - - -?> diff --git a/includes/funktion_cron.php b/includes/funktion_cron.php index 17ac5a76..3a0e984b 100755..100644 --- a/includes/funktion_cron.php +++ b/includes/funktion_cron.php 
@@ -1,144 +1,131 @@ -<?PHP - -function UID2DECT($UID) -{ - global $con; - $SQL = "SELECT DECT FROM `User` WHERE UID='$UID'"; - $Erg = mysql_query($SQL, $con); - if( mysql_num_rows( $Erg) == 1) - return mysql_result($Erg, 0); - else - return ""; -} -function RID2Room($RID) -{ - global $con; - $SQL = "SELECT Name FROM `Room` WHERE RID='$RID'"; - $Erg = mysql_query($SQL, $con); - if( mysql_num_rows( $Erg) == 1) - return mysql_result($Erg, 0); - else - return ""; -} - -function TID2Engeltype($TID) -{ - global $con; - $SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'"; - $Erg = mysql_query($SQL, $con); - if( mysql_num_rows( $Erg) == 1) - return mysql_result($Erg, 0); - else - return ""; -} - - -function DialNumberIAX( $DECTnumber, $Time, $RID, $TID) -{ - global $IAXenable, $IAXcontent, $IAXserver, $AnrufDelay, $DebugDECT, $Tempdir, $AsteriskOutputDir; - - //Parameter verarbeiten - $TimeH = substr( $Time, 11, 2); - $TimeM = substr( $Time, 14, 2); - $TimeM = substr( $Time, 14, 2) + $AnrufDelay; - if( $TimeM < 0 ) - { - $TimeM += 60; - $TimeH -= 1; - } - if( $TimeH < 0 ) - $TimeH += 24; - - if( strlen( $TimeH) == 1) - $TimeH = "0".$TimeH; - - if( $IAXenable) - { $Message="die-nee shisht beh-kinned , in where-neegin me-nooten . . . your shift beginns in a few minutes"; - if (isset($SetHttpIAX)) - { - $post_data = array(); - $post_data['code'] = "89o8eu9cg4"; - $post_data['callerid'] = "1023"; - $post_data['nr'] = "$DECTnumber"; - //$post_data['message'] = "Deine schicht beginnt in ein paar minuten . . . your shift beginns in a few minutes "; - $post_data['message'] = "die-nee shisht beh-kinned , in where-neegin me-nooten . . . 
your shift beginns in a few minutes "; - $url = "https://23c3.eventphone.de/~bef/call.php"; - - $o=""; - foreach ($post_data as $k=>$v) - { - $o.= "$k=".urlencode(utf8_encode($v))."&"; - } - $post_data=substr($o,0,-1); - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_POST, 1); - curl_setopt($ch, CURLOPT_HEADER, 0); - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); - $result = curl_exec($ch); - echo curl_error($ch); - curl_close($ch); - } - else - { - // IAX file Schareiebn - $CallFile = $Tempdir. "/call_". date("Ymd_His"). "_$DECTnumber"; - - if($DebugDECT) echo "IAX create file for dialing Number $DECTnumber\n"; - $file = fopen( $CallFile, 'w' ); - if( $file != FALSE) - { - fputs( $file, "Channel: SIP/$DECTnumber@$IAXserver\n"); //Ziel nummer - fputs( $file, "Callerid: Engelserver\n"); - // fputs( $file, "Callerid: $IAXcontent\n"); - // fputs( $file, "Context: $DECTnumber@$IAXserver\n"); - fputs( $file, "Extension: s\n"); - fputs( $file, "MaxRetries: 1\n"); - fputs( $file, "RetryTime: 10\n"); - fputs( $file, "SetVar: msg=$Message\n"); -// fputs( $file, "SetVar: TimeH=$TimeH\n"); -// fputs( $file, "SetVar: TimeM=$TimeM\n"); -// fputs( $file, "SetVar: DECTnumber=$DECTnumber\n"); -// fputs( $file, "SetVar: Room=". RID2Room( $RID). "\n"); -// fputs( $file, "SetVar: Engeltype=". TID2Engeltype( $TID). "\n"); - fclose($file); - system( "chmod 777 ". $CallFile); - system( "mv ". $CallFile. " ". 
$AsteriskOutputDir); - - } - else - echo "error: $CallFile not created"; - } - } - else - if($DebugDECT) echo "IAX is disable\n"; -} - -function DialNumberModem( $DECTnumber, $Time) -{ - global $AnrufDelay; - - //Parameter verarbeiten - $TimeH = substr( $Time, 11, 2); - $TimeM = substr( $Time, 14, 2); - $TimeM = substr( $Time, 14, 2) + $AnrufDelay; - if( $TimeM < 0 ) - { - $TimeM += 60; - $TimeH -= 1; - } - if( $TimeH < 0 ) - $TimeH += 24; - - if( strlen( $TimeH) == 1) - $TimeH = "0".$TimeH; - - SetWackeup( $DECTnumber, $TimeH, $TimeM); -} - -return 0; +<?php + function UID2DECT($UID) { + global $con; + $SQL = "SELECT DECT FROM `User` WHERE UID='$UID'"; + $Erg = mysql_query($SQL, $con); -?> + if(mysql_num_rows( $Erg) == 1) + return mysql_result($Erg, 0); + else + return ""; + } + + function RID2Room($RID) { + global $con; + $SQL = "SELECT Name FROM `Room` WHERE RID='$RID'"; + $Erg = mysql_query($SQL, $con); + + if(mysql_num_rows( $Erg) == 1) + return mysql_result($Erg, 0); + else + return ""; + } + + function TID2Engeltype($TID) { + global $con; + $SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'"; + $Erg = mysql_query($SQL, $con); + + if(mysql_num_rows( $Erg) == 1) + return mysql_result($Erg, 0); + else + return ""; + } + + + function DialNumberIAX( $DECTnumber, $Time, $RID, $TID) { + global $IAXenable, $IAXcontent, $IAXserver, $AnrufDelay, $DebugDECT, $Tempdir, $AsteriskOutputDir; + + // Parameter verarbeiten + $TimeH = substr( $Time, 11, 2); + $TimeM = substr( $Time, 14, 2); + $TimeM = substr( $Time, 14, 2) + $AnrufDelay; + + if($TimeM < 0) { + $TimeM += 60; + $TimeH -= 1; + } + + if($TimeH < 0) + $TimeH += 24; + + if(strlen( $TimeH) == 1) + $TimeH = "0" . $TimeH; + + if($IAXenable) { + $Message = "die-nee shisht beh-kinned, in where-neegin me-nooten . . . 
your shift beginns in a few minutes"; + if(isset($SetHttpIAX)) { + $post_data = array(); + $post_data['code'] = "89o8eu9cg4"; + $post_data['callerid'] = "1023"; + $post_data['nr'] = "$DECTnumber"; + //$post_data['message'] = "Deine schicht beginnt in ein paar minuten . . . your shift beginns in a few minutes "; + $post_data['message'] = "die-nee shisht beh-kinned , in where-neegin me-nooten . . . your shift beginns in a few minutes "; + $url = "https://23c3.eventphone.de/~bef/call.php"; + + $o = ""; + foreach ($post_data as $k => $v) { + $o.= "$k=" . urlencode(utf8_encode($v)) . "&"; + } + + $post_data = substr($o, 0, -1); + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + $result = curl_exec($ch); + echo curl_error($ch); + curl_close($ch); + } else { + // IAX file Schareiebn + $CallFile = $Tempdir. "/call_". date("Ymd_His"). "_$DECTnumber"; + + if($DebugDECT) + echo "IAX create file for dialing Number $DECTnumber\n"; + + $file = fopen( $CallFile, 'w'); + + if($file != false) { + fputs($file, "Channel: SIP/$DECTnumber@$IAXserver\n"); + fputs($file, "Callerid: Engelserver\n"); + fputs($file, "Extension: s\n"); + fputs($file, "MaxRetries: 1\n"); + fputs($file, "RetryTime: 10\n"); + fputs($file, "SetVar: msg=$Message\n"); + fclose($file); + system("chmod 777 " . $CallFile); + system("mv " . $CallFile . " " . 
$AsteriskOutputDir); + } else + echo "error: $CallFile not created"; + } + } else + if($DebugDECT) + echo "IAX is disable\n"; + } + + function DialNumberModem($DECTnumber, $Time) { + global $AnrufDelay; + + // Parameter verarbeiten + $TimeH = substr($Time, 11, 2); + $TimeM = substr($Time, 14, 2); + $TimeM = substr($Time, 14, 2) + $AnrufDelay; + + if($TimeM < 0) { + $TimeM += 60; + $TimeH -= 1; + } + + if($TimeH < 0) + $TimeH += 24; + + if(strlen( $TimeH) == 1) + $TimeH = "0" . $TimeH; + + SetWackeup($DECTnumber, $TimeH, $TimeM); + } +?> diff --git a/includes/funktion_db.php b/includes/funktion_db.php index cbfb198f..ffd7d6a2 100644 --- a/includes/funktion_db.php +++ b/includes/funktion_db.php 
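Review bot: DialNumberIAX() builds two shell commands by concatenation, `system("chmod 777 " . $CallFile)` and `system("mv " . $CallFile . " " . $AsteriskOutputDir)`, and `$CallFile` embeds `$DECTnumber`, which is also written unvalidated into the call file's `Channel:` line. Validating the number first (e.g. `if (!ctype_digit((string) $DECTnumber)) return;`) and then using `chmod($CallFile, 0660);` and `rename($CallFile, $AsteriskOutputDir . "/" . basename($CallFile));` removes both the shell and the world-writable mode; the exact mode depends on which account the spool reader runs as. The HTTP branch keeps a hard-coded `code` value in source and sets `CURLOPT_SSL_VERIFYPEER` to `false`; the credential belongs in configuration and certificate verification should stay enabled. UID2DECT(), RID2Room() and TID2Engeltype() interpolate their argument into the SQL string without escaping or an integer cast.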
@@ -1,149 +1,145 @@ -<?PHP - -if( !function_exists("db_query")) -{ - function Ausgabe_Daten($SQL) - { - global $con; - $Erg = mysql_query($SQL, $con); - - echo mysql_error($con); - - $Zeilen = mysql_num_rows($Erg); - $Anzahl_Felder = mysql_num_fields($Erg); - - $Diff = "<table border=1>"; - $Diff .= "<tr>"; - for ($m = 0 ; $m < $Anzahl_Felder ; $m++) - $Diff .= "<th>". mysql_field_name($Erg, $m). "</th>"; - $Diff .= "</tr>"; - - for ($n = 0 ; $n < $Zeilen ; $n++) - { - $Diff .= "<tr>"; - for ($m = 0 ; $m < $Anzahl_Felder ; $m++) - $Diff .= "<td>".mysql_result($Erg, $n, $m). "</td>"; - $Diff .= "</tr>"; - } - $Diff .= "</table>"; - return $Diff; - } - - function db_querry_getDatenAssocArray($SQL) - { - global $con; - - $Erg = mysql_query($SQL, $con); - echo mysql_error($con); - - $Daten = array(); - for( $i=0; $i<mysql_num_rows($Erg); $i++) - $Daten[$i] = mysql_fetch_assoc($Erg); - - return $Daten; - } - - function db_querry_diffDaten($Daten1, $Daten2) - { - $Gefunden=False; - - $Diff = "\n<table border=1>\n"; - $Diff .= "<tr>\n\t<th>Feldname</th>\n\t<th>old Value</th>\n\t<th>new Value</th>\n"; - $Diff .= "</tr>\n"; - foreach($Daten1 as $DataKey => $Data1) - { - if( isset( $Daten2[$DataKey])) - { - $Data2 = $Daten2[$DataKey]; - foreach($Data1 as $key => $value) - if( $value != $Data2[$key]) - { - $Gefunden=TRUE; - $Diff .= "<tr>\n\t<td>$key</td>\n\t<td>$value</td>\n\t<td>".$Data2[$key]."</rd>\n</tr>"; - } - } - else - foreach($Data1 as $key => $value) - { - $Gefunden=TRUE; - $Diff .= "<tr>\n\t<td>$key</td>\n\t<td>$value</td>\n\t<td></rd>\n</tr>"; - } - } - $Diff .= "</table>\n"; - - if( $Gefunden) - return $Diff; - else - return "\nno changes Fount\n"; - } - - function db_query( $SQL, $comment) - { - global $con, $Page; - $Diff = ""; - - //commed anlyse udn daten sicherung - if( strpos( "#$SQL", "UPDATE") > 0) - { - //Tabellen name ermitteln - $Table_Start = strpos( $SQL, "`"); - $Table_End = strpos( $SQL, "`", $Table_Start+1); - $Table = substr( $SQL, $Table_Start, 
($Table_End-$Table_Start+1)); - - //SecureTest - if( $Table_Start == 0 || $Table_End == 0) die("<h1>funktion_db ERROR SQL: '$SQL' nicht OK</h1>"); - - //WHERE ermitteln - $Where_Start = strpos( $SQL, "WHERE"); - $Where = substr( $SQL, $Where_Start); - if( $Where_Start == 0) $Where = ";"; - - if( strlen( $Where) < 2) - { - $Diff = "can't show, too mutch data (no filter was set)"; - $querry_erg = mysql_query($SQL, $con); - } - else - { - $Daten1 = db_querry_getDatenAssocArray( "SELECT * FROM $Table $Where"); - $querry_erg = mysql_query($SQL, $con); - $Daten2 = db_querry_getDatenAssocArray( "SELECT * FROM $Table $Where"); - $Diff = db_querry_diffDaten($Daten1, $Daten2); - } - } - elseif( strpos( "#$SQL", "DELETE") > 0) - { - $TableWhere = substr( $SQL, 6); - $Diff .= Ausgabe_Daten( "SELECT * $TableWhere"); - - //execute command - $querry_erg = mysql_query($SQL, $con); - } - elseif( strpos( "#$SQL", "INSERT") > 0) - { - //execute command - $querry_erg = mysql_query($SQL, $con); - } - else - { - //execute command - $querry_erg = mysql_query($SQL, $con); - } - - $SQLCommand = "SQL:<br>". htmlentities( $SQL, ENT_QUOTES); - if( strlen($Diff) > 0) - $SQLCommand .= "<br><br>Diff:<br>$Diff"; - - $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES); - //LOG commands in DB - $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ". - " VALUES ( '". $_SESSION['UID']. "', ". - "'". mysql_escape_string( $SQLCommand). "', ". - "'". mysql_escape_string( $Commend). "' );"; - $erg = mysql_query($SQL_SEC, $con); - echo mysql_error($con); - return $querry_erg; - }//function db_query( +<?php + if( !function_exists("db_query")) { + function Ausgabe_Daten($SQL) { + global $con; + $Erg = mysql_query($SQL, $con); + + echo mysql_error($con); + + $Zeilen = mysql_num_rows($Erg); + $Anzahl_Felder = mysql_num_fields($Erg); + + $Diff = "<table border=1>"; + $Diff .= "<tr>"; + + for ($m = 0 ; $m < $Anzahl_Felder ; $m++) + $Diff .= "<th>". 
mysql_field_name($Erg, $m). "</th>"; + + $Diff .= "</tr>"; + + for ($n = 0 ; $n < $Zeilen ; $n++) { + $Diff .= "<tr>"; + + for ($m = 0 ; $m < $Anzahl_Felder ; $m++) + $Diff .= "<td>".mysql_result($Erg, $n, $m). "</td>"; + + $Diff .= "</tr>"; + } + + $Diff .= "</table>"; + return $Diff; + } + + function db_querry_getDatenAssocArray($SQL) { + global $con; + + $Erg = mysql_query($SQL, $con); + echo mysql_error($con); + + $Daten = array(); + + for( $i=0; $i<mysql_num_rows($Erg); $i++) + $Daten[$i] = mysql_fetch_assoc($Erg); + + return $Daten; + } + + function db_querry_diffDaten($Daten1, $Daten2) { + $Gefunden = false; + + $Diff = "\n<table border=1>\n"; + $Diff .= "<tr>\n<th>Feldname</th>\n<th>old Value</th>\n<th>new Value</th>\n"; + $Diff .= "</tr>\n"; + + foreach($Daten1 as $DataKey => $Data1) { + if(isset( $Daten2[$DataKey])) { + $Data2 = $Daten2[$DataKey]; + + foreach($Data1 as $key => $value) + if( $value != $Data2[$key]) { + $Gefunden = true; + $Diff .= "<tr>\n<td>$key</td>\n<td>$value</td>\n<td>" . $Data2[$key] . 
"</rd>\n</tr>"; + } + } else + foreach($Data1 as $key => $value) { + $Gefunden = true; + $Diff .= "<tr>\n<td>$key</td>\n<td>$value</td>\n<td></rd>\n</tr>"; + } + } + + $Diff .= "</table>\n"; + + if($Gefunden) + return $Diff; + else + return "\nno changes Fount\n"; + } + + function db_query( $SQL, $comment) { + global $con, $Page; + $Diff = ""; + + // commed anlyse udn daten sicherung + if(strpos("#$SQL", "UPDATE") > 0) { + // Tabellen name ermitteln + $Table_Start = strpos( $SQL, "`"); + $Table_End = strpos( $SQL, "`", $Table_Start+1); + $Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1)); + + //SecureTest + if( $Table_Start == 0 || $Table_End == 0) die("<h1>funktion_db ERROR SQL: '$SQL' nicht OK</h1>"); + + //WHERE ermitteln + $Where_Start = strpos( $SQL, "WHERE"); + $Where = substr( $SQL, $Where_Start); + if( $Where_Start == 0) $Where = ";"; + + if( strlen( $Where) < 2) + { + $Diff = "can't show, too mutch data (no filter was set)"; + $querry_erg = mysql_query($SQL, $con); + } + else + { + $Daten1 = db_querry_getDatenAssocArray( "SELECT * FROM $Table $Where"); + $querry_erg = mysql_query($SQL, $con); + $Daten2 = db_querry_getDatenAssocArray( "SELECT * FROM $Table $Where"); + $Diff = db_querry_diffDaten($Daten1, $Daten2); + } + } + elseif( strpos( "#$SQL", "DELETE") > 0) + { + $TableWhere = substr( $SQL, 6); + $Diff .= Ausgabe_Daten( "SELECT * $TableWhere"); + + //execute command + $querry_erg = mysql_query($SQL, $con); + } + elseif( strpos( "#$SQL", "INSERT") > 0) + { + //execute command + $querry_erg = mysql_query($SQL, $con); + } + else + { + //execute command + $querry_erg = mysql_query($SQL, $con); + } + + $SQLCommand = "SQL:<br />". htmlentities( $SQL, ENT_QUOTES); + if( strlen($Diff) > 0) + $SQLCommand .= "<br /><br />Diff:<br />$Diff"; + + $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES); + //LOG commands in DB + $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ". + " VALUES ( '". $_SESSION['UID']. 
"', ". + "'". mysql_escape_string( $SQLCommand). "', ". + "'". mysql_escape_string( $Commend). "' );"; + $erg = mysql_query($SQL_SEC, $con); + echo mysql_error($con); + return $querry_erg; + }//function db_query( } ?> diff --git a/includes/funktion_db_list.php b/includes/funktion_db_list.php index 9393e97e..35bb7255 100755..100644 --- a/includes/funktion_db_list.php +++ b/includes/funktion_db_list.php 
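Review bot: The diff HTML in db_querry_diffDaten() and Ausgabe_Daten() is built from raw column names and values (`<td>$key</td>\n<td>$value</td>`), and db_query() appends `$Diff` to `$SQLCommand` without the `htmlentities()` it applies to `$SQL`, so whatever a user stored in a changed row is written to `ChangeLog` as markup. Each interpolated value should be escaped where the table is built, e.g. `htmlentities($value, ENT_QUOTES)`, and the closing tag `</rd>` should be `</td>`. The same unescaped `mysql_result()` output is returned by funktion_db_list() and funktion_db_element_list_2row() in funktion_db_list.php. In the ChangeLog insert, `$_SESSION['UID']` is interpolated without a cast and `mysql_escape_string()` ignores the connection charset; `(int) $_SESSION['UID']` and `mysql_real_escape_string($SQLCommand, $con)` are the safer forms for this API.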
@@ -1,67 +1,62 @@ -<?PHP +<?php -function funktion_db_list($Table_Name) -{ + +// Gibt eine Tabelle generisch als HTML aus +function funktion_db_list($Table_Name) { global $con; - $SQL = "SELECT * FROM `".$Table_Name."`"; + $html = ""; + + $SQL = "SELECT * FROM `" . $Table_Name . "`"; $Erg = mysql_query($SQL, $con); // anzahl zeilen - $Zeilen = mysql_num_rows($Erg); + $Zeilen = mysql_num_rows($Erg); $Anzahl_Felder = mysql_num_fields($Erg); - echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">"; - echo "<caption>DB: $Table_Name</caption>"; + $html .= "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">"; + $html .= "<caption>DB: $Table_Name</caption>"; - echo "<tr class=\"contenttopic\">"; - for ($m = 0 ; $m < $Anzahl_Felder ; $m++) - { - echo "<th>". mysql_field_name($Erg, $m). "</th>"; + $html .= "<tr class=\"contenttopic\">"; + for ($m = 0; $m < $Anzahl_Felder; $m++) { + $html .= "<th>" . mysql_field_name($Erg, $m) . "</th>"; } - echo "</tr>"; + $html .= "</tr>"; - for ($n = 0 ; $n < $Zeilen ; $n++) - { - echo "<tr class=\"content\">"; - for ($m = 0 ; $m < $Anzahl_Felder ; $m++) - { - echo "<td>".mysql_result($Erg, $n, $m). "</td>"; + for ($n = 0; $n < $Zeilen; $n++) { + $html .= "<tr class=\"content\">"; + for ($m = 0; $m < $Anzahl_Felder; $m++) { + $html .= "<td>" . mysql_result($Erg, $n, $m) . 
"</td>"; } - echo "</tr>"; + $html .= "</tr>"; } - echo "</table>"; + $html .= "</table>"; + return $html; } -function funktion_db_element_list_2row( $TopicName, $SQL) -{ - global $con; +function funktion_db_element_list_2row($TopicName, $SQL) { + $html = ""; + $html .= "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + $html .= "<caption>$TopicName</caption>"; + # $html .= "<tr class=\"contenttopic\"> <td><h1>$TopicName</h1></td> </tr>\n"; - echo "<table class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; - echo "<caption>$TopicName</caption>"; -# echo "\t<tr class=\"contenttopic\"> <td><h1>$TopicName</h1></td> </tr>\n"; + $Erg = sql_query($SQL); - $Erg = mysql_query($SQL, $con); - echo mysql_error($con); - - echo "<tr class=\"contenttopic\">"; - for ($m = 0 ; $m < mysql_num_fields($Erg) ; $m++) - { - echo "<th>". mysql_field_name($Erg, $m). "</th>"; + $html .= "<tr class=\"contenttopic\">"; + for ($m = 0; $m < mysql_num_fields($Erg); $m++) { + $html .= "<th>" . mysql_field_name($Erg, $m) . "</th>"; } - echo "</tr>"; + $html .= "</tr>"; - for ($n = 0 ; $n < mysql_num_rows($Erg) ; $n++) - { - echo "<tr class=\"content\">"; - for ($m = 0 ; $m < mysql_num_fields($Erg) ; $m++) - { - echo "<td>".mysql_result($Erg, $n, $m). "</td>"; + for ($n = 0; $n < mysql_num_rows($Erg); $n++) { + $html .= "<tr class=\"content\">"; + for ($m = 0; $m < mysql_num_fields($Erg); $m++) { + $html .= "<td>" . mysql_result($Erg, $n, $m) . "</td>"; } - echo "</tr>"; + $html .= "</tr>"; } - echo "</table>\n"; + $html .= "</table>\n"; + return $html; } - ?> diff --git a/includes/funktion_faq.php b/includes/funktion_faq.php deleted file mode 100755 index 641ea38d..00000000 --- a/includes/funktion_faq.php +++ /dev/null @@ -1,12 +0,0 @@ -<?PHP - -function noAnswer() { - global $con; - - $SQL = "SELECT UID FROM Questions WHERE `AID`='0'"; - $Res=mysql_query($SQL, $con); - - return mysql_num_rows($Res); -} - -?> 
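Review bot: funktion_db_list() concatenates `$Table_Name` into the `SELECT * FROM` statement as a backtick-quoted identifier with no validation, and the escaping functions meant for values do not protect identifiers. Checking the name against a fixed list of known tables before building the query closes that, e.g. `if (!in_array($Table_Name, $allowed_tables, true)) return "";`, where `$allowed_tables` is a placeholder for the project's own list. The two functions now query differently: this one still calls `mysql_query($SQL, $con)` and passes the result to `mysql_num_rows()` unchecked, while funktion_db_element_list_2row() uses `sql_query($SQL)`, whose definition is not visible on this page. Both now return the HTML instead of echoing it, so callers that were not updated to print the return value will silently render nothing.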
diff --git a/includes/funktion_flag.php b/includes/funktion_flag.php deleted file mode 100644 index 56d8a993..00000000 --- a/includes/funktion_flag.php +++ /dev/null @@ -1,12 +0,0 @@ -<?PHP -echo "<br>"; - -if( strpos( $_SERVER["REQUEST_URI"], "?") >0) - $URL = $_SERVER["REQUEST_URI"]. "&SetLanguage="; -else - $URL = $_SERVER["REQUEST_URI"]. "?SetLanguage="; - -echo "<a href=\"". $URL. "DE\"><img src=\"". $url. $ENGEL_ROOT. "pic/flag/de.gif\" alt=\"DE\"></a> "; -echo "<a href=\"". $URL. "EN\"><img src=\"". $url. $ENGEL_ROOT. "pic/flag/en.gif\" alt=\"EN\"></a> "; - -?> diff --git a/includes/funktion_jabber.php b/includes/funktion_jabber.php index 9c699d70..9c699d70 100755..100644 --- a/includes/funktion_jabber.php +++ b/includes/funktion_jabber.php diff --git a/includes/funktion_lang.php b/includes/funktion_lang.php deleted file mode 100755 index d5d3e144..00000000 --- a/includes/funktion_lang.php +++ /dev/null @@ -1,35 +0,0 @@ -<?PHP - - -function Get_Text ($TextID, $NoError=FALSE) -{ - GLOBAL $con, $error_messages, $DEBUG; - - if( !isset($_SESSION['Sprache'])) - $_SESSION['Sprache'] = "EN"; - if( $_SESSION['Sprache']=="") - $_SESSION['Sprache']="EN"; - if( isset($_GET["SetLanguage"])) - $_SESSION['Sprache']= $_GET["SetLanguage"]; - - $SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='".$_SESSION['Sprache']."'"; - @$Erg = mysql_query($SQL, $con); - - if( mysql_num_rows( $Erg) == 1) - return (@mysql_result($Erg, 0, "Text")); - elseif( $NoError && !$DEBUG) - return ""; - else - { - array_push($error_messages, "Get_Text, '$TextID' found ". mysql_num_rows( $Erg). "x in Sprache Database Table for Language (".$_SESSION['Sprache'].")\n"); - return "Error Data, '$TextID' found ". mysql_num_rows( $Erg). "x"; - } - -} - -function Print_Text ($TextID, $NoError=FALSE) -{ - echo Get_Text ($TextID, $NoError); -} - -?> diff --git a/includes/funktion_menu.php b/includes/funktion_menu.php deleted file mode 100755 index 87196ede..00000000 
--- a/includes/funktion_menu.php +++ /dev/null @@ -1,44 +0,0 @@ -<?PHP - -function ShowMenu( $MenuName) -{ - global $MenueTableStart, $MenueTableEnd, $_SESSION, $DEBUG, $url, $ENGEL_ROOT; - $Gefunden=FALSE; - - //Überschift - $Text = "<h4 class=\"menu\">". Get_Text("$MenuName/"). "</h4>"; - - //einträge - foreach( $_SESSION['CVS'] as $Key => $Entry ) - if( strpos( $Key, ".php") > 0) - if( (strpos( "00$Key", "0$MenuName") > 0) || - ((strlen($MenuName)==0) && (strpos( "0$Key", "/") == 0) ) ) - { - $TempName = Get_Text($Key, TRUE); - if(( TRUE||$DEBUG) && (strlen($TempName)==0) ) - $TempName = "not found: \"$Key\""; - - if( $Entry == "Y") - { - //zum absichtlkichen ausblenden von einträgen - if( strlen($TempName)>1) - { - //sonderfälle: - if( $Key=="admin/faq.php") - $TempName .= " (". noAnswer(). ")"; - //ausgabe - $Text .= "\t\t\t<li><a href=\"". $url. $ENGEL_ROOT. $Key. "\">$TempName</a></li>\n"; - $Gefunden = TRUE; - } - } - elseif( $DEBUG ) - { - $Gefunden = TRUE; - $Text .= "\t\t\t<li>$TempName ($Key)</li>\n"; - } - } - if( $Gefunden) - echo $MenueTableStart.$Text.$MenueTableEnd; -}//function ShowMenue - -?> diff --git a/includes/funktion_modem.php b/includes/funktion_modem.php index 3a74e0f8..8e93ebf4 100755..100644 --- a/includes/funktion_modem.php +++ b/includes/funktion_modem.php 
@@ -1,35 +1,34 @@ -<?PHP -include "config_modem.php"; +<?php + include "config_modem.php"; -function DialNumber( $Number ) -{ - global $Dev, $ModemEnable; + function DialNumber($Number) { + global $Dev, $ModemEnable; + + if($ModemEnable) { + echo "Dial number: '<u>$Number</u>' was called<br />\n"; - if( $ModemEnable) - { - echo "Dial number: '<u>$Number</u>' was called<br>\n"; - $fp = fopen( $ModemDev, "w"); - sleep(1); - fwrite( $fp, "+++"); - sleep(1); - fwrite( $fp, "ATZ\n"); - sleep(1); - fwrite( $fp, "ATX1\n"); - sleep(1); - fwrite( $fp, "ATD $Number \n"); - sleep(8); - fclose($fp); - sleep(1); - } - else - echo "Modem is Disable, number: '<u>$Number</u>' was not called<br>\n"; + $fp = fopen( $ModemDev, "w"); + sleep(1); + fwrite( $fp, "+++"); + sleep(1); + fwrite( $fp, "ATZ\n"); + sleep(1); + fwrite( $fp, "ATX1\n"); + sleep(1); + fwrite( $fp, "ATD $Number \n"); + sleep(8); + fclose($fp); + sleep(1); + } + else + echo "Modem is Disable, number: '<u>$Number</u>' was not called<br />\n"; } function SetWackeup( $Number, $TimeH, $TimeM) { - global $WackupNumber; - DialNumber( "$WackupNumber$TimeH$TimeM$Number"); + global $WakeupNumber; + DialNumber( "$WakeupNumber$TimeH$TimeM$Number"); } ?> diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php deleted file mode 100755 index 0b5b9910..00000000 --- a/includes/funktion_schichtplan.php +++ /dev/null 
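Review bot: `$Number` is interpolated unchecked into both the `ATD` command written to the modem and the echoed HTML in `DialNumber`, so a value containing a line break or markup would pass through as extra modem input or page content. The callers are outside this hunk, so whether the value can carry user input is not shown. A guard at the top of the function, `if (!preg_match('/^[0-9]+$/', (string) $Number)) { return; }`, covers both uses; widen the character class if the wake-up prefix legitimately needs `*` or `#`. Separately, the function declares `global $Dev, $ModemEnable;` but opens `$ModemDev`, which looks undefined in function scope. `global $ModemDev, $ModemEnable;` would match the `fopen` call, assuming config_modem.php defines that name, and the `fopen` result should be tested before the `fwrite` calls.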
@@ -1,389 +0,0 @@ -<?php - - -/*####################################################### -# gibt die engelschischten aus # -#######################################################*/ -function ausgabe_Feld_Inhalt( $SID, $Man ) -{ -// gibt, nach übergabe der der SchichtID (SID) und der RaumBeschreibung, -// die eingetragenden und und offenden Schichteintäge zurück - global $EngelType, $EngelTypeID, $TID2Name, $con, $DEBUG, $gmdateOffset; - - $Spalten = ""; - - if( !isset($_GET["Icon"])) - $_GET["Icon"]=1; - - /////////////////////////////////////////////////////////////////// - // Schow Admin Page - /////////////////////////////////////////////////////////////////// - $Spalten.=funktion_isLinkAllowed_addLink_OrEmpty( - "admin/schichtplan.php?action=change&SID=$SID", - "edit<br>\n\t\t"); - - /////////////////////////////////////////////////////////////////// - // Ausgabe des Schischtnamens - /////////////////////////////////////////////////////////////////// - $SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');"; - $Erg = mysql_query($SQL, $con); - if( mysql_result($Erg, 0, 0) != "") - $Spalten.="<a href=\"". mysql_result($Erg, 0, 0). 
"\" target=\"_black\"><u>$Man:</u></a><br>"; - else - $Spalten.="<u>".$Man.":</u><br>"; - - - /////////////////////////////////////////////////////////////////// - // SQL abfrage für die benötigten schichten - /////////////////////////////////////////////////////////////////// - $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '$SID') ORDER BY `TID`, `UID` DESC ;"; - $Erg = mysql_query($SQL, $con); - - $Anzahl = mysql_num_rows($Erg); - $Feld=0; - $Temp_TID_old=-1; - for( $i = 0; $i < $Anzahl; $i++ ) - { - if( isset($Temp[$Feld]["TID"])) - $Temp_TID_old = $Temp[$Feld]["TID"]; - if( isset($Temp[$Feld]["UID"])) - $Temp_UID_old = $Temp[$Feld]["UID"]; - - $Temp_TID = mysql_result($Erg, $i, "TID"); - - // wenn sich der Type ändert wird zumnästen feld geweckselt - if( $Temp_TID_old != $Temp_TID ) - $Feld++; - - $Temp[$Feld]["TID"] = $Temp_TID; - $Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID"); - - // sonderfall ersten durchlauf - if( $i == 0 ) - { - $Temp_TID_old = $Temp[$Feld]["TID"]; - $Temp_UID_old = $Temp[$Feld]["UID"]; - } - - // ist es eine zu vergeben schicht? - if( $Temp[$Feld]["UID"] == 0 ) - { - if( isset($Temp[$Feld]["free"])) - $Temp[$Feld]["free"]++; - else - $Temp[$Feld]["free"]=1; - } - else - $Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"]; - } // FOR - - - /////////////////////////////////////////////////////////////////// - // Aus gabe der Schicht - /////////////////////////////////////////////////////////////////// - if( isset($Temp)) - if( count($Temp) ) - foreach( $Temp as $TempEntry => $TempValue ) - { - if( !isset($TempValue["free"])) - $TempValue["free"] = 0; - - // ausgabe EngelType - $Spalten.= $EngelTypeID[ $TempValue["TID"] ]. " "; - - // ausgabe Eingetragener Engel - if( isset($TempValue["Engel"])) - if( count($TempValue["Engel"]) > 0 ) - { - if( count($TempValue["Engel"]) == 1 ) - $Spalten.= Get_Text("inc_schicht_ist"). ":<br>\n\t\t"; - else - $Spalten.= Get_Text("inc_schicht_sind"). 
":<br>\n\t\t"; - - foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID ) - { - if( funktion_isLinkAllowed( "admin/user.php") === TRUE) - { - // add color, wenn Engel "Gekommen" - $TempText= - ((UIDgekommen( $TempEngelID ) == "1") - ? "<span style=\"color: blue;\">" - : "<span style=\"color: red;\">"). - UID2Nick( $TempEngelID). "</span>"; - } - else - { - $TempText = UID2Nick( $TempEngelID ); - } - - // add link to user - $TempText= funktion_isLinkAllowed_addLink_OrLinkText( - "admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", - $TempText); - - $Spalten.= " ". $TempText. - ( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): ""). - "<br>\n\t\t"; - - - } - $Spalten = substr( $Spalten, 0, strlen($Spalten)-7 ); - } - - // ausgabe benötigter Engel - //////////////////////////// - //in vergangenheit - $SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='$SID' AND `DateE` >= '". - gmdate("Y-m-d H:i:s", time()+ $gmdateOffset). "')"; - $Ergtime = mysql_query($SQLtime, $con); - if( mysql_num_rows( $Ergtime) > 0) - { - //wenn keien rechte definiert sind - if( !isset($_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ])) - $_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ] = "Y"; - - if( $_SESSION['CVS'][ $TID2Name[$TempValue["TID"]] ] == "Y") - if( $TempValue["free"] > 0 ) - { - $Spalten.= "<br>\n\t\t <a href=\"./schichtplan_add.php?SID=$SID&TID=". - $TempValue["TID"]."\">"; - $Spalten.= $TempValue["free"]; - if( $TempValue["free"] != 1 ) - $Spalten.= Get_Text("inc_schicht_weitere"). - " ".Get_Text("inc_schicht_Engel"). - Get_Text("inc_schicht_wird"); - else - $Spalten.= Get_Text("inc_schicht_weiterer"). - " ".Get_Text("inc_schicht_Engel"). - Get_Text("inc_schicht_werden"); - $Spalten.= Get_Text("inc_schicht_noch_gesucht"); - $Spalten.= "</a>"; - } - } - else - { - if( isset($TempValue["free"])) - if( $TempValue["free"] > 0 ) - $Spalten.= "<br>\n\t\t <h3><a>Fehlen noch: ". - $TempValue["free"]. 
"</a></h3>"; - } - $Spalten.= "<br>\n\t\t"; - - } // FOREACH - return $Spalten; -} // function Ausgabe_Feld_Inhalt - - - -/*####################################################### -# gibt die engelschischten Druckergerecht aus # -#######################################################*/ -function Ausgabe_Feld_Inhalt_Druck($RID, $Man ) -{ -// gibt, nach übergabe der der SchichtID (SID) und der RaumBeschreibung, -// die eingetragenden und und offenden Schichteintäge zurück - - -} // function Ausgabe_Feld_Inhalt - - - - -/*####################################################### -# Ausgabe der Raum Spalten # -#######################################################*/ -function CreateRoomShifts( $raum ) -{ - global $Spalten, $ausdatum, $con, $DEBUG, $GlobalZeileProStunde, $error_messages; - - ///////////////////////////////////////////////////////////// - // beginnt die erste schicht vor dem heutigen tag und geht darüber hinaus - ///////////////////////////////////////////////////////////// - $SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` ". - "WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 23:59:59') AND ". - "(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;"; - $ErgSonder = mysql_query($SQLSonder, $con); - if( (mysql_num_rows( $ErgSonder) > 1) ) - { - if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE ) - { - echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; - for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++) - { - echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". - mysql_result($ErgSonder, $i, "SID"). "\">". - mysql_result($ErgSonder, $i, "DateS"). - " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)". - "</a><br>\n\t\t"; - } - } - } - elseif( (mysql_num_rows( $ErgSonder) == 1) ) - { - $Spalten[0].= "\t\t<td valign=\"top\" rowspan=\"". (24 * $GlobalZeileProStunde). "\">\n". - "\t\t\t<h3>↑↑↑</h3>". 
- Ausgabe_Feld_Inhalt( mysql_result($ErgSonder, 0, "SID"), - mysql_result($ErgSonder, 0, "Man") ). - "\t\t\t<h3>↓↓↓</h3>". - "\n\t\t</td>\n"; - return; - } - - $ZeitZeiger = 0; - - ///////////////////////////////////////////////////////////// - // beginnt die erste schicht vor dem heutigen tag? - ///////////////////////////////////////////////////////////// - $SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` ". - "WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 00:00:00') AND ". - "(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;"; - $ErgSonder = mysql_query($SQLSonder, $con); - if( (mysql_num_rows( $ErgSonder) > 1) ) - { - if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE ) - { - echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; - for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++) - { - echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". - mysql_result($ErgSonder, $i, "SID"). "\">". - mysql_result($ErgSonder, $i, "DateS"). - " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)". - "</a><br>\n\t\t"; - } - } - } - elseif( (mysql_num_rows( $ErgSonder) == 1) ) - { - $ZeitZeiger = substr( mysql_result($ErgSonder, 0, "DateE"), 11, 2 )+ - (substr( mysql_result($ErgSonder, 0, "DateE"), 14, 2 ) / 60); - $Spalten[0].= "\t\t<td valign=\"top\" rowspan=\"". ($ZeitZeiger * $GlobalZeileProStunde). "\">\n". - "\t\t\t<h3>↑↑↑</h3>". - Ausgabe_Feld_Inhalt( mysql_result($ErgSonder, 0, "SID"), - mysql_result($ErgSonder, 0, "Man") ). - "\n\t\t</td>\n"; - } - - ///////////////////////////////////////////////////////////// - // gibt die schichten für den tag aus - ///////////////////////////////////////////////////////////// - $SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` ". - "WHERE ((`RID` = '$raum') and ". - "(`DateS` >= '$ausdatum $ZeitZeiger:00:00') and ". 
- "(`DateS` like '$ausdatum%')) ORDER BY `DateS`;"; - $Erg = mysql_query($SQL, $con); - for( $i = 0; $i < mysql_num_rows($Erg); ++$i ) - { - $ZeitPos = substr( mysql_result($Erg, $i, "DateS"), 11, 2 )+ - (substr( mysql_result($Erg, $i, "DateS"), 14, 2 ) / 60); - $len = mysql_result($Erg, $i, "Len"); - - if( $len <= 0) - array_push( $error_messages, "Error in shift denition SID=". mysql_result($Erg, $i, "SID"). " Len=$len"); - - if( $ZeitZeiger < $ZeitPos ) - { - $Spalten[$ZeitZeiger * $GlobalZeileProStunde].= - "\t\t<td valign=\"top\" rowspan=\"". ( ($ZeitPos - $ZeitZeiger ) * $GlobalZeileProStunde ). "\"> </td>\n"; - - $ZeitZeiger += $ZeitPos - $ZeitZeiger; - } - if($ZeitZeiger == $ZeitPos ) - { - //sonderfall wenn die schicht über dei 24 stunden hinaus geht - // (eintrag abkürzen, pfeiel ausgeben) - $Spalten[$ZeitZeiger * $GlobalZeileProStunde].= - "\t\t<td valign=\"top\" rowspan=\"". - ( ( ($len+$ZeitZeiger)? $len : 24-$len+$ZeitZeiger) * $GlobalZeileProStunde). - "\">\n". - "\t\t\t". - Ausgabe_Feld_Inhalt( mysql_result($Erg, $i, "SID"), - mysql_result($Erg, $i, "Man") ). - (( ($ZeitZeiger+$len) > 24)? "\t\t\t<h3>↓↓↓</h3>" : ""). - "\n\t\t</td>\n"; - $ZeitZeiger += $len; - } - else - { - echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> "; - echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". - mysql_result($Erg, $i, "SID"). "\">". - mysql_result($Erg, $i, "DateS"). - " '". mysql_result($Erg, $i, "Man"). "' ". - " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>"; - } - } - if( $ZeitZeiger < 24 ) - $Spalten[($ZeitZeiger * $GlobalZeileProStunde)].= - "\t\t<td valign=\"top\" rowspan=\"". - ((24 - $ZeitZeiger) * $GlobalZeileProStunde ). 
- "\"> </td>\n"; -} // function CreateRoomShifts - - -/*####################################################### -# Ausgabe der freien schichten # -#######################################################*/ -function showEmptyShifts( ) -{ - global $con, $DEBUG, $RoomID, $gmdateOffset; - - echo "<table border=\"1\">\n"; - echo "<tr>\n"; - echo "\t<th>". Get_Text("inc_schicht_date"). "</th>\n"; - echo "\t<th>". Get_Text("inc_schicht_time"). "</th>\n"; - echo "\t<th>". Get_Text("inc_schicht_room"). "</th>\n"; - echo "\t<th>". Get_Text("inc_schicht_commend"). "</th>\n"; - echo "</tr>\n"; - - $sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` ". - "WHERE (`Shifts`.`DateS`>='". gmdate("Y-m-d H:i:s", time()+$gmdateOffset). "') ". - "ORDER BY `DateS`, `RID`;"; - $Erg = mysql_query($sql, $con); - - $angezeigt = 0; - for ($i=0; ($i<mysql_num_rows($Erg)) && ($angezeigt< 15); $i++) - if( isset($RoomID[mysql_result( $Erg, $i, "RID")])) - if( $RoomID[mysql_result( $Erg, $i, "RID")]!="" ) - { - $Sql2 = "SELECT `UID` FROM `ShiftEntry` ". - "WHERE `SID`=". mysql_result( $Erg, $i, "SID"). " AND ". - "`UID`='0';"; - $Erg2 = mysql_query($Sql2, $con); - - if( mysql_num_rows($Erg2)>0) - { - $angezeigt++; - echo "<tr>\n"; - echo "\t<td>". substr(mysql_result( $Erg, $i, "DateS"), 0, 10). "</td>\n"; - echo "\t<td>". substr(mysql_result( $Erg, $i, "DateS"), 11). "</td>\n"; - echo "\t<td>". $RoomID[mysql_result( $Erg, $i, "RID")]. "</td>\n"; - echo "\t<td>". - ausgabe_Feld_Inhalt( mysql_result( $Erg, $i, "SID"), mysql_result( $Erg, $i, "Man")). - "</td>\n"; - echo "</tr>\n"; - } - } - - echo "</table>\n"; - -} //function showEmptyShifts - - -/*####################################################### -# Gibt die anzahl der Schichten im Raum zurück # -#######################################################*/ -function SummRoomShifts( $raum ) -{ - global $ausdatum, $con, $DEBUG, $GlobalZeileProStunde; - - $SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` ". 
- "WHERE ((`RID` = '$raum') AND (`DateE` >= '$ausdatum 00:00:00') AND ". - "(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;"; - - $ErgSonder = mysql_query($SQLSonder, $con); - - return mysql_num_rows($ErgSonder); -} - -?> diff --git a/includes/funktion_schichtplan_Tage.php b/includes/funktion_schichtplan_Tage.php deleted file mode 100755 index 5ac92e7e..00000000 --- a/includes/funktion_schichtplan_Tage.php +++ /dev/null 
@@ -1,87 +0,0 @@ -<?PHP - -if( !function_exists("DatumUm1TagErhoehen")) -{ - function DatumUm1TagErhoehen( $Datum) - { - $Jahr = substr( $Datum, 0, 4); - $Monat = substr( $Datum, 5, 2); - $Tag = substr( $Datum, 8, 2); - - $Tag++; - - switch( $Monat) - { - case 1: $Mmax=31; break; - case 2: $Mmax=28; break; - case 3: $Mmax=31; break; - case 4: $Mmax=30; break; - case 5: $Mmax=31; break; - case 6: $Mmax=30; break; - case 7: $Mmax=31; break; - case 8: $Mmax=31; break; - case 9: $Mmax=30; break; - case 10: $Mmax=31; break; - case 11: $Mmax=30; break; - case 12: $Mmax=31; break; - } - - if( $Tag > $Mmax) - { - $Tag = 1; - $Monat++; - } - - if( $Monat > 12 ) - { - $Monat = 1; - $Jahr++; - } - - $Tag = strlen( $Tag ) == 1 ? "0".$Tag : $Tag; - $Monat = strlen( $Monat ) == 1 ? "0".$Monat : $Monat; - - return ("$Jahr-$Monat-$Tag"); - } //function DatumUm1Tagerhoehen( -} - -//suchen den ersten eintrags -$SQL = "SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1"; -$Erg = mysql_query($SQL, $con); - -$Pos=0; - -if( mysql_num_rows($Erg)>0) -{ - do - { - //Startdatum einlesen und link ausgeben - $DateS = substr(mysql_result($Erg, 0 , 0), 0,10); - $VeranstaltungsTage[$Pos++] = $DateS; - - //auslesen den endes und eventuelle weitere tage ausgeben - $SQL2 = "SELECT MAX(`DateE`) FROM `Shifts` ". - "WHERE ( (`DateS` like '$DateS%') AND NOT (`DateE` like '%00:00:00'))"; - $Erg2 = mysql_query($SQL2, $con); - $DateE = substr(mysql_result($Erg2, 0 , 0), 0,10); - - if( strlen($DateE) == 0) - $DateE = $DateS; - else - while( $DateS != $DateE) - { - $DateS = DatumUm1TagErhoehen( $DateS); - $VeranstaltungsTage[$Pos++] = $DateS; - } - - //suchen den nästen eintrag - $SQL = "SELECT `DateS` FROM `Shifts` ". - "WHERE (`DateS` > '$DateE 23:59:59' ) ". - "ORDER BY `DateS` ". - "LIMIT 1"; - $Erg = mysql_query($SQL, $con); - } while( mysql_fetch_row($Erg) > 0); -} -$VeranstaltungsTageMax = $Pos-1; - -?> 
diff --git a/includes/funktion_schichtplan_beamer.php b/includes/funktion_schichtplan_beamer.php
index ab935e0d..85c5ffe8 100755..100644
--- a/includes/funktion_schichtplan_beamer.php
+++ b/includes/funktion_schichtplan_beamer.php
@@ -5,176 +5,176 @@ #######################################################*/ // erstellt ein Array der Reume - $sql = "SELECT `RID`, `Name` FROM `Room` ". - "WHERE `Show`='Y'". - "ORDER BY `Number`, `Name`;"; - - $Erg = mysql_query($sql, $con); - $rowcount = mysql_num_rows($Erg); - - for ($i=0; $i<$rowcount; $i++) - { - $Room[$i]["RID"] = mysql_result($Erg, $i, "RID"); - $Room[$i]["Name"] = mysql_result($Erg, $i, "Name"); - - $RoomID[ mysql_result($Erg, $i, "RID") ] = mysql_result($Erg, $i, "Name"); - } + $sql = "SELECT `RID`, `Name` FROM `Room` ". + "WHERE `Show`='Y'". + "ORDER BY `Number`, `Name`;"; + + $Erg = mysql_query($sql, $con); + $rowcount = mysql_num_rows($Erg); + + for ($i=0; $i<$rowcount; $i++) + { + $Room[$i]["RID"] = mysql_result($Erg, $i, "RID"); + $Room[$i]["Name"] = mysql_result($Erg, $i, "Name"); + + $RoomID[ mysql_result($Erg, $i, "RID") ] = mysql_result($Erg, $i, "Name"); + } // erstellt ein Aray der Engeltypen - $sql = "SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`"; - $Erg = mysql_query($sql, $con); - $rowcount = mysql_num_rows($Erg); - for ($i=0; $i<$rowcount; $i++) - { - $EngelType[$i]["TID"] = mysql_result($Erg, $i, "TID"); - $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); + $sql = "SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`"; + $Erg = mysql_query($sql, $con); + $rowcount = mysql_num_rows($Erg); + for ($i=0; $i<$rowcount; $i++) + { + $EngelType[$i]["TID"] = mysql_result($Erg, $i, "TID"); + $EngelType[$i]["Name"] = mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); - $EngelTypeID[ mysql_result($Erg, $i, "TID") ] = - mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); - } + $EngelTypeID[ mysql_result($Erg, $i, "TID") ] = + mysql_result($Erg, $i, "Name").Get_Text("inc_schicht_engel"); + } /*####################################################### -# gibt die engelschischten aus # +# gibt die engelschischten aus # 
#######################################################*/ function ausgabe_Feld_Inhalt( $SID, $Man ) { // gibt, nach übergabe der der SchichtID (SID) und der RaumBeschreibung, // die eingetragenden und und offenden Schichteintäge zurück - global $EngelType, $EngelTypeID, $con; - //form Config - global $DEBUG; - - $Out = ""; - - $Out.= "<table border=\"0\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" frame=\"void\">\n"; - - $Out.= "\t\t\t<colgroup span=\"2\" align=\"left\" valign=\"center\">\n". - "\t\t\t\t<col width=\"45%\">\n". - "\t\t\t\t<col width=\"*\">\n". - "\t\t\t\t</colgroup>\n"; - - /////////////////////////////////////////////////////////////////// - // SQL abfrage für die benötigten schichten - /////////////////////////////////////////////////////////////////// - $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '$SID') ORDER BY `TID`, `UID` DESC ;"; - $Erg = mysql_query($SQL, $con); - - $Anzahl = mysql_num_rows($Erg); - $Feld=-1; - for( $i = 0; $i < $Anzahl; $i++ ) - { - - $Temp_TID = mysql_result($Erg, $i, "TID"); - - // wenn sich der Type ändert wird zumnästen feld geweckselt - if( ($i==0) || ($Temp_TID_old != $Temp_TID) ) - { - $Feld++; - $Temp[$Feld]["free"]=0; - $Temp[$Feld]["Engel"]=array(); - } - - $Temp[$Feld]["TID"] = $Temp_TID; - $Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID"); - - // ist es eine zu vergeben schicht? - if( $Temp[$Feld]["UID"] == 0 ) - $Temp[$Feld]["free"]++; - else - $Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"]; - - $Temp_TID_old = $Temp[$Feld]["TID"]; - } // FOR - - - /////////////////////////////////////////////////////////////////// - // Aus gabe der Schicht - /////////////////////////////////////////////////////////////////// - if( isset($Temp) && count($Temp) ) - foreach( $Temp as $TempEntry => $TempValue ) - { - $Out.= "\t\t\t<tr>\n"; - - // ausgabe EngelType - $Out.= "\t\t\t\t<td>". 
$EngelTypeID[ $TempValue["TID"] ]; - - // ausgabe Eingetragener Engel - if( count($TempValue["Engel"]) > 0 ) - { - if( count($TempValue["Engel"]) == 1 ) - $Out.= " ". trim(Get_Text("inc_schicht_ist")). ":"; - else - $Out.= " ". trim(Get_Text("inc_schicht_sind")). ":"; - $Out.= "</td>\n"; - $Out.= "\t\t\t\t<td>"; - - foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID ) - $Out.= UID2Nick( $TempEngelID ). ", "; -// $Out.= UID2Nick( $TempEngelID ). DisplayAvatar( $TempEngelID ). ", "; - $Out = substr( $Out, 0, strlen($Out)-2 ); - } - else - { - $Out.= ":</td>\n"; - $Out.= "\t\t\t\t<td>\n"; - } - - - // ausgabe benötigter Engel - //////////////////////////// - if( $_SESSION['CVS']["nonpublic/schichtplan_add.php"] == "Y") + global $EngelType, $EngelTypeID, $con; + //form Config + global $debug; + + $Out = ""; + + $Out.= "<table border=\"0\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" frame=\"void\">\n"; + + $Out.= "<colgroup span=\"2\" align=\"left\" valign=\"center\">\n". + "<col width=\"45%\">\n". + "<col width=\"*\">\n". + "</colgroup>\n"; + + /////////////////////////////////////////////////////////////////// + // SQL abfrage für die benötigten schichten + /////////////////////////////////////////////////////////////////// + $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '$SID') ORDER BY `TID`, `UID` DESC ;"; + $Erg = mysql_query($SQL, $con); + + $Anzahl = mysql_num_rows($Erg); + $Feld=-1; + for( $i = 0; $i < $Anzahl; $i++ ) + { + + $Temp_TID = mysql_result($Erg, $i, "TID"); + + // wenn sich der Type ändert wird zumnästen feld geweckselt + if( ($i==0) || ($Temp_TID_old != $Temp_TID) ) + { + $Feld++; + $Temp[$Feld]["free"]=0; + $Temp[$Feld]["Engel"]=array(); + } + + $Temp[$Feld]["TID"] = $Temp_TID; + $Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID"); + + // ist es eine zu vergeben schicht? 
+ if( $Temp[$Feld]["UID"] == 0 ) + $Temp[$Feld]["free"]++; + else + $Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"]; + + $Temp_TID_old = $Temp[$Feld]["TID"]; + } // FOR + + + /////////////////////////////////////////////////////////////////// + // Aus gabe der Schicht + /////////////////////////////////////////////////////////////////// + if( isset($Temp) && count($Temp) ) + foreach( $Temp as $TempEntry => $TempValue ) + { + $Out.= "<tr>\n"; + + // ausgabe EngelType + $Out.= "<td>". $EngelTypeID[ $TempValue["TID"] ]; + + // ausgabe Eingetragener Engel + if( count($TempValue["Engel"]) > 0 ) + { + if( count($TempValue["Engel"]) == 1 ) + $Out.= " ". trim(Get_Text("inc_schicht_ist")). ":"; + else + $Out.= " ". trim(Get_Text("inc_schicht_sind")). ":"; + $Out.= "</td>\n"; + $Out.= "<td>"; + + foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID ) + $Out.= UID2Nick( $TempEngelID ). ", "; +// $Out.= UID2Nick( $TempEngelID ). DisplayAvatar( $TempEngelID ). ", "; + $Out = substr( $Out, 0, strlen($Out)-2 ); + } + else + { + $Out.= ":</td>\n"; + $Out.= "<td>\n"; + } + + + // ausgabe benötigter Engel + //////////////////////////// + if( $_SESSION['CVS']["nonpublic/schichtplan_add.php"] == "Y") { - if ( $TempValue["free"] > 0) - { - if( count($TempValue["Engel"]) > 0) - $Out.= ", "; - $Out.= $TempValue["free"]. "x free "; - } - } - $Out.= "</td>\n"; - $Out.= "\t\t\t</tr>\n"; - - } // FOREACH - - $Out.= "\t\t\t</table>\n\t"; - - return $Out; + if ( $TempValue["free"] > 0) + { + if( count($TempValue["Engel"]) > 0) + $Out.= ", "; + $Out.= $TempValue["free"]. 
"x free "; + } + } + $Out.= "</td>\n"; + $Out.= "</tr>\n"; + + } // FOREACH + + $Out.= "</table>\n"; + + return $Out; } // function Ausgabe_Feld_Inhalt /*####################################################### -# gibt die engelschischten für einen Ruam aus # +# gibt die engelschischten für einen Ruam aus # #######################################################*/ function ausgabe_Zeile( $RID, $Time, &$AnzahlEintraege ) { - global $con; - - $SQL = "SELECT `SID`, `Len`, `Man` FROM `Shifts` ". - "WHERE ( (`RID` = '$RID') AND ". - "((`DateE` like '". gmdate("Y-m-d H", $Time+3600). "%') OR ". - " (`DateS` like '". gmdate("Y-m-d H", $Time). "%')) ) ORDER BY `DateS`;"; - - $ErgRoom = mysql_query($SQL, $con); - $Out= "\t<td>"; - if( mysql_num_rows( $ErgRoom)>0 ) - for( $i=1; $i<=mysql_num_rows( $ErgRoom); $i++ ) - { - $AnzahlEintraege++; - $Out.= ausgabe_Feld_Inhalt( mysql_result( $ErgRoom, $i-1, "SID"), - mysql_result( $ErgRoom, $i-1, "Man")); - if( (mysql_num_rows( $ErgRoom) > 1) && !($i==mysql_num_rows( $ErgRoom)) ) - $Out.= "<br>"; -// $Out.= "<hr width=\"95%\" align=\"center\">\n\t\t\t\t"; - - } - else - $Out.= " "; - - $Out.= "</td>\n"; - - return $Out; + global $con; + + $SQL = "SELECT `SID`, `Len`, `Man` FROM `Shifts` ". + "WHERE ( (`RID` = '$RID') AND ". + "((`DateE` like '". gmdate("Y-m-d H", $Time+3600). "%') OR ". + " (`DateS` like '". gmdate("Y-m-d H", $Time). "%')) ) ORDER BY `DateS`;"; + + $ErgRoom = mysql_query($SQL, $con); + $Out= "<td>"; + if( mysql_num_rows( $ErgRoom)>0 ) + for( $i=1; $i<=mysql_num_rows( $ErgRoom); $i++ ) + { + $AnzahlEintraege++; + $Out.= ausgabe_Feld_Inhalt( mysql_result( $ErgRoom, $i-1, "SID"), + mysql_result( $ErgRoom, $i-1, "Man")); + if( (mysql_num_rows( $ErgRoom) > 1) && !($i==mysql_num_rows( $ErgRoom)) ) + $Out.= "<br />"; +// $Out.= "<hr width=\"95%\" align=\"center\">\n"; + + } + else + $Out.= " "; + + $Out.= "</td>\n"; + + return $Out; } ?> 
diff --git a/includes/funktion_user.php b/includes/funktion_user.php
deleted file mode 100755
index 0cdf8144..00000000
--- a/includes/funktion_user.php
+++ /dev/null
@@ -1,132 +0,0 @@ -<?php - -function UID2Nick($UID) -{ - global $con; - - if( $UID>0) { - $SQL = "SELECT Nick FROM `User` WHERE UID='$UID'"; - } else { - $SQL = "SELECT Name FROM `UserGroups` WHERE UID='$UID'"; - } - $Erg = mysql_query($SQL, $con); - - //echo $UID."#"; - if( mysql_num_rows($Erg)) { - if( $UID>0 ) { - return mysql_result($Erg, 0); - } else { - return "Group-".mysql_result($Erg, 0); - } - } else { - if( $UID == -1) - return "logout User"; - else - return "UserID $UID not found"; - } -} - - -function TID2Type($TID) -{ - global $con; - - $SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'"; - $Erg = mysql_query($SQL, $con); - - if( mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return ""; -} - - -function ReplaceSmilies($eckig) -{ - global $url, $ENGEL_ROOT; - - $neueckig = $eckig; - $neueckig = str_replace(";o))", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_redface.gif\">",$neueckig); - $neueckig = str_replace(":-))", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_redface.gif\">",$neueckig); - $neueckig = str_replace(";o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_wind.gif\">",$neueckig); - $neueckig = str_replace(":)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_smile.gif\">",$neueckig); - $neueckig = str_replace(":-)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_smile.gif\">",$neueckig); - $neueckig = str_replace(":(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig); - $neueckig = str_replace(":-(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig); - $neueckig = str_replace(":o(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_sad.gif\">",$neueckig); - $neueckig = str_replace(":o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_lol.gif\">",$neueckig); - $neueckig = str_replace(";o(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_cry.gif\">",$neueckig); - $neueckig = str_replace(";(", "<img src=\"". $url. $ENGEL_ROOT. 
"pic/smiles/icon_cry.gif\">",$neueckig); - $neueckig = str_replace(";-(", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_cry.gif\">",$neueckig); - $neueckig = str_replace("8)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_rolleyes.gif\">",$neueckig); - $neueckig = str_replace("8o)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_rolleyes.gif\">",$neueckig); - $neueckig = str_replace(":P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig); - $neueckig = str_replace(":-P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig); - $neueckig = str_replace(":oP", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_evil.gif\">",$neueckig); - $neueckig = str_replace(";P", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_mad.gif\">",$neueckig); - $neueckig = str_replace(";oP", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_mad.gif\">",$neueckig); - $neueckig = str_replace("?)", "<img src=\"". $url. $ENGEL_ROOT. "pic/smiles/icon_question.gif\">",$neueckig); - return $neueckig; -} - - -function GetPicturShow($UID) -{ - global $con; - - $SQL= "SELECT `show` FROM `UserPicture` WHERE `UID`='$UID'"; - $res = mysql_query( $SQL, $con); - if( mysql_num_rows($res) == 1) - return mysql_result( $res, 0, 0); - else - return ""; -} - - -/* Parameter: - <UserID> - [<Höhe des Bildes (wenn die höhe kleiner 1 ist wird die höhe nicht begrenzt)>] */ -function displayPictur($UID, $height="30") -{ - global $url, $ENGEL_ROOT; - if( $height > 0) - return( "<img src=\"". $url. $ENGEL_ROOT. "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\">"); - else - return( "<img src=\"". $url. $ENGEL_ROOT. 
"ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\">"); -} - - -/* Parameter: - <UserID> - [<Höhe des Bildes (wenn die höhe kleiner 1 ist wird die höhe nicht begrenzt)>] */ -function displayavatar( $UID, $height="30") -{ - global $con, $url, $ENGEL_ROOT; - - if( GetPicturShow($UID) == 'Y') - return " ". displayPictur( $UID, $height); - - // show avator - $asql = "select * from User where UID = $UID"; - $aerg = mysql_query ($asql, $con); - if( mysql_num_rows($aerg) ) - if( mysql_result($aerg, 0, "Avatar") > 0) - return (" <img src=\"". $url. $ENGEL_ROOT. "pic/avatar/avatar". mysql_result($aerg, 0, "Avatar"). ".gif\">"); - -} - -function UIDgekommen($UID) -{ - global $con; - - $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='$UID'"; - $Erg = mysql_query($SQL, $con); - - //echo $UID."#"; - if( mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return "0"; -} - -?> diff --git a/includes/funktion_xml.php b/includes/funktion_xml.php index 8e911a4f..4ab3bfd5 100755..100644 --- a/includes/funktion_xml.php +++ b/includes/funktion_xml.php 
@@ -1,162 +1,152 @@ -<?PHP - - -class element -{ +<?php +class element { var $name = ''; - var $attributes = array(); + var $attributes = array (); var $data = ''; var $depth = 0; - var $sub = array(); + var $sub = array (); } $XMLDEBUG = 0; $depth = 0; $XMLmain = new element; -$XMLpos = array( 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); +$XMLpos = array ( + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0 +); //$XMLpos = array( 0, 0, 0, 0, 0, 0); - -function convertValues( $Data) -{ + +function convertValues($Data) { global $XMLDEBUG; - if( $XMLDEBUG) - { + + if ($XMLDEBUG) { $Data = htmlspecialchars($Data); $Data = mysql_escape_string($Data); $Data = htmlentities($Data); } + $Data = utf8_decode($Data); return $Data; } - -function dataXMLmain( $Data, &$Objekt, $Tiefe ) -{ +function dataXMLmain($Data, & $Objekt, $Tiefe) { global $XMLmain, $XMLpos, $depth, $XMLDEBUG; - - if( $XMLDEBUG) - echo "?$Tiefe$depth"; - if( ($depth-1)==$Tiefe) - { -// $Objekt->sub[ $XMLpos[$Tiefe] ]->data .= convertValues($Data); - $Objekt->sub[ $XMLpos[$Tiefe] ]->data .= htmlentities( convertValues($Data), ENT_QUOTES); - - if( $XMLDEBUG) - echo "???". $Objekt->sub[ $XMLpos[$Tiefe] ]->name. "|$Data|$Tiefe???<br>"; - } - else - dataXMLmain( $Data, $Objekt->sub[ $XMLpos[$Tiefe] ], $Tiefe+1); + + if ($XMLDEBUG) + echo "?$Tiefe$depth"; + + if (($depth -1) == $Tiefe) { + $Objekt->sub[$XMLpos[$Tiefe]]->data .= htmlentities(convertValues($Data), ENT_QUOTES); + + if ($XMLDEBUG) + echo "???" . $Objekt->sub[$XMLpos[$Tiefe]]->name . "|$Data|$Tiefe???<br />"; + } else + dataXMLmain($Data, $Objekt->sub[$XMLpos[$Tiefe]], $Tiefe +1); } -function startXMLmain( $Data, &$Objekt, $Tiefe ) -{ +function startXMLmain($Data, & $Objekt, $Tiefe) { global $XMLpos, $depth, $XMLDEBUG; - if( $XMLDEBUG) - if($Tiefe==1) - { print_r(array_values ($XMLpos)); echo "--".$Data->name; - echo " #$Tiefe/$depth#"; - } - - if( $depth==$Tiefe) - { - $Objekt->sub[ $XMLpos[$Tiefe] ] = $Data; - if( $XMLDEBUG) - echo "|". 
$XMLpos[$Tiefe]."|". $Objekt->sub[ $XMLpos[$Tiefe] ]->name. " ". $Data->name." save|". "#-#<br>"; - } - else - startXMLmain( $Data, $Objekt->sub[ $XMLpos[$Tiefe] ], $Tiefe+1); + if ($XMLDEBUG) + if ($Tiefe == 1) { + print_r(array_values($XMLpos)); + echo "--" . $Data->name; + echo " #$Tiefe/$depth#"; + } + + if ($depth == $Tiefe) { + $Objekt->sub[$XMLpos[$Tiefe]] = $Data; + if ($XMLDEBUG) + echo "|" . $XMLpos[$Tiefe] . "|" . $Objekt->sub[$XMLpos[$Tiefe]]->name . " " . $Data->name . " save|" . "#-#<br />"; + } else + startXMLmain($Data, $Objekt->sub[$XMLpos[$Tiefe]], $Tiefe +1); } -function start_element_handler($parser, $name, $attribs) -{ +function start_element_handler($parser, $name, $attribs) { global $depth, $XMLmain, $XMLpos; $Data = new element; $Data->name = $name; - while(list($key, $value) = each($attribs)) + while (list ($key, $value) = each($attribs)) $Data->attributes[$key] = convertValues($value); $Data->depth = $depth; - $XMLpos[$depth]++; + $XMLpos[$depth]++; - if( $depth==0) - $XMLmain= $Data; + if ($depth == 0) + $XMLmain = $Data; else - startXMLmain( $Data, $XMLmain, 1); + startXMLmain($Data, $XMLmain, 1); $depth++; } -function end_element_handler($parser, $name) -{ +function end_element_handler($parser, $name) { global $depth, $XMLpos; - $XMLpos[$depth]=0; + $XMLpos[$depth] = 0; $depth--; } -function character_data_handler($parser, $data) -{ +function character_data_handler($parser, $data) { global $XMLmain; - if( strlen(trim($data)) ) - dataXMLmain( $data, $XMLmain, 1); + if (strlen(trim($data))) + dataXMLmain($data, $XMLmain, 1); } /*#######################################################################################*/ -function readXMLfile( $file ) -{ +function readXMLfile($file) { global $XMLDEBUG; - + //$xml_parser = xml_parser_create_ns(); $xml_parser = xml_parser_create("UTF-8"); xml_set_element_handler($xml_parser, "start_element_handler", "end_element_handler"); xml_set_character_data_handler($xml_parser, "character_data_handler"); - 
- if (file_exists($file)) - { - if (!($fp = fopen($file, "r"))) - { - echo(" <h1>could not open XML file \"$file\"</h1>"); + + if (file_exists($file)) { + if (!($fp = fopen($file, "r"))) { + echo (" <h1>could not open XML file \"$file\"</h1>"); return -1; } - } - else - { - echo(" <h1>XML file \"$file\" not exist</h1>"); + } else { + echo (" <h1>XML file \"$file\" not exist</h1>"); return -1; } - if( $XMLDEBUG) echo "<pre>"; - while ($data = fread($fp, 4096)) - { - if (!xml_parse($xml_parser, $data, feof($fp))) - { - die(sprintf("XML error: %s at line %d", - xml_error_string(xml_get_error_code($xml_parser)), - xml_get_current_line_number($xml_parser))); + if ($XMLDEBUG) + echo "<pre>"; + while ($data = fread($fp, 4096)) { + if (!xml_parse($xml_parser, $data, feof($fp))) { + die(sprintf("XML error: %s at line %d", xml_error_string(xml_get_error_code($xml_parser)), xml_get_current_line_number($xml_parser))); } } - if( $XMLDEBUG) echo "</pre>"; + if ($XMLDEBUG) + echo "</pre>"; xml_parser_free($xml_parser); return 0; } /*#######################################################################################*/ -function getXMLsubPease( $Sourse, $Name ) -{ - foreach($Sourse->sub as $key => $value) { +function getXMLsubPease($Sourse, $Name) { + foreach ($Sourse->sub as $key => $value) { if ($value->name == $Name) { - return $value; + return $value; } } - - echo "<h1>Fehler: getXMLsubPease( $Sourse, $Name ) not found</h1>"; -// die; + // die; } /*#######################################################################################*/ -function getXMLsubData( $Sourse, $Name ) -{ - $XML = getXMLsubPease( $Sourse, $Name); +function getXMLsubData($Sourse, $Name) { + $XML = getXMLsubPease($Sourse, $Name); return $XML->data; } ?> diff --git a/includes/funktion_xml_room.php b/includes/funktion_xml_room.php index a8f626d1..f31d5661 100755..100644 --- a/includes/funktion_xml_room.php +++ b/includes/funktion_xml_room.php @@ -1,69 +1,61 @@ -<?PHP
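Review bot: With the `Fehler: getXMLsubPease( ... ) not found` echo removed, getXMLsubPease() now falls out of its loop and returns null without any signal when no child matches, and getXMLsubData() then reads `$XML->data` on that null. An event that lacks a LOCATION or URL element would raise a PHP notice and pass an empty value on to the room and schedule import. I would make the miss explicit with `return null;` at the end of getXMLsubPease() and guard the caller with `return ($XML === null) ? "" : $XML->data;`. Separately, readXMLfile() opens `$fp` but never calls `fclose($fp)` before `return 0;`.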
-
-
-/*##############################################################################################
- R o o m
- ##############################################################################################*/
-echo "\n\n<br>\n<h1>Rooms:</h1>\n";
-
-function saveRoomData()
-{
- global $con;
- if( isset($_GET["NameXML"]))
- {
- $SQL= "INSERT INTO `Room` ( `Name`, `FromPentabarf` ) ".
- "VALUES ('". mysql_escape_string($_GET["NameXML"]). "', 'Y');";
- $Erg = mysql_query($SQL, $con);
- if( $Erg )
- echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war erfogreich<br>";
- else
- echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war <u>nicht</u> erfogreich.(".
- mysql_error($con). ")<br>[$SQL]<br>";
- }
- else
- echo "Fehler in den Parametern!<br>";
-} /*function saveRoomData*/
-
-if( isset($_GET["RoomUpdate"]))
- saveRoomData();
-
-//INIT Status counter
-$DS_KO = 0;
-
-//Ausgabe
-echo "<table border=\"0\">\n";
-echo "<tr><th>Name</th><th>state</th></tr>\n";
-if( $EnableSchudle)
-foreach($XMLmain->sub as $EventKey => $Event)
-{
- if( $Event->name == "VEVENT")
- {
- $NameXML = getXMLsubData( $Event, "LOCATION");
- if( !isset( $RoomName[$NameXML]))
- {
- $RoomName[$NameXML] = "";
-
- if( isset($_GET["UpdateALL"]))
- {
- $_GET["NameXML"] = $NameXML;
- saveRoomData();
- CreateRoomArrays();
- }
- else
- {
- echo "<form action=\"dbUpdateFromXLS.php\">\n";
- echo "\t<tr>\n";
- echo "\t<td><input name=\"NameXML\" type=\"text\" value=\"$NameXML\" readonly></td>\n";
- echo "\t<td><input type=\"submit\" name=\"RoomUpdate\" value=\"update\"></td>\n";
- $DS_KO++;
- echo "\t</tr>\n";
- echo "</form>\n";
- echo "<br>";
- }
- }
- }
-}
-echo "<tr><td colspan=\"6\">status: $DS_KO nicht vorhanden.</td></tr>\n";
-echo "</table>\n";
-
-?>
+<?php
+ echo "<h1>Rooms:</h1>\n";
+
+ function saveRoomData() {
+ global $con;
+
+ if(isset($_GET["NameXML"])) {
+ $SQL = "INSERT INTO `Room` ( `Name`, `FromPentabarf` ) ".
+ "VALUES ('". mysql_escape_string($_GET["NameXML"]). "', 'Y');";
+ $Erg = mysql_query($SQL, $con);
+
+ if($Erg)
+ echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war erfogreich<br />";
+ else
+ echo "Aenderung, an Raum ". $_GET["NameXML"]. ", war <u>nicht</u> erfogreich.(".
+
+ mysql_error($con). ")<br />[$SQL]<br />";
+ } else
+ echo "Fehler in den Parametern!<br />";
+ }
+
+ if(isset($_GET["RoomUpdate"]))
+ saveRoomData();
+
+ // INIT Status counter
+ $DS_KO = 0;
+
+ // Ausgabe
+ echo "<table border=\"0\">\n";
+ echo "<tr><th>Name</th><th>state</th></tr>\n";
+
+ if($EnableSchudle) {
+ foreach($XMLmain->sub as $EventKey => $Event) {
+ if( $Event->name == "VEVENT") {
+ $NameXML = getXMLsubData( $Event, "LOCATION");
+
+ if( !isset( $RoomName[$NameXML])) {
+ $RoomName[$NameXML] = "";
+
+ if(isset($_GET["UpdateALL"])) {
+ $_GET["NameXML"] = $NameXML;
+ saveRoomData();
+ CreateRoomArrays();
+ } else {
+ echo "<form action=\"dbUpdateFromXLS.php\">\n";
+ echo "<tr>\n";
+ echo "<td><input name=\"NameXML\" type=\"text\" value=\"$NameXML\" readonly></td>\n";
+ echo "<td><input type=\"submit\" name=\"RoomUpdate\" value=\"update\"></td>\n";
+ $DS_KO++;
+ echo "</tr>\n";
+ echo "</form>\n";
+ echo "<br />";
+ }
+ }
+ }
+ }
+ }
+
+ echo "<tr><td colspan=\"6\">status: $DS_KO nicht vorhanden.</td></tr>\n";
+ echo "</table>\n";
+?>
diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php
index 4ef0a42f..f73f11ad 100755..100644
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
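Review bot: saveRoomData() echoes `$_GET["NameXML"]` straight into the page in both the success and the failure message, so markup in that request parameter is rendered as HTML; the value is escaped for SQL only, not for output. Both echo lines should print `htmlspecialchars($_GET["NameXML"], ENT_QUOTES)` instead. The failure branch also sends `mysql_error($con)` and the full `[$SQL]` to the browser, which is better written to a server-side log. The INSERT is triggered by a plain GET request (`RoomUpdate` or `UpdateALL`); whether a permission or token check runs before this include cannot be seen from this hunk and should be confirmed.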
@@ -1,178 +1,178 @@ -<?PHP +<?php /*############################################################################################## - s c h e d u l e + s c h e d u l e ##############################################################################################*/ echo "\n\n<h1>Schedule:</h1>\n"; function SaveSchedule() { - global $RoomID, $RoomName; - global $con; + global $RoomID, $RoomName; + global $con; - if( isset($_GET["PSIDXML"]) && - isset($_GET["DateXML"]) && - isset($_GET["RIDXML"]) && - isset($_GET["LenXML"]) && - isset($_GET["ManXML"]) && - isset($_GET["URLXML"]) ) - { - //erzeuge von `DateE` - $TimeStart = substr( $_GET["DateXML"], 11, 2) + (substr($_GET["DateXML"], 14, 2)/60); - $TimeEnd = ($_GET["LenXML"] + $TimeStart) * 60; - $TimeM = $TimeEnd % 60; - $TimeH = ($TimeEnd - $TimeM)/60; - if( $TimeH>=24 ) - { - $TimeH -= 24; - $DateEnd = substr($_GET["DateXML"], 0, 8). - (substr($_GET["DateXML"], 8, 2)+1). " "; - } - else - $DateEnd = substr($_GET["DateXML"], 0, 11); - $DateEnd .= "$TimeH:$TimeM:00"; - - //Namen ermitteln - $_GET["RIDXML"] = $RoomName[$_GET["RIDXML"]]; - - //Update OR insert ? - $SQL1 = "Select `SID` FROM `Shifts` WHERE `PSID`='". $_GET["PSIDXML"]. "';"; - $Erg1 = mysql_query($SQL1, $con); - - if( mysql_num_rows($Erg1)==0) - { - echo "Aenderung, am Schedule '". $_GET["PSIDXML"]. "'"; - $SQL= "INSERT INTO `Shifts` (`PSID`, `DateS`, `DateE`, `Len`, `RID`, `Man`, `URL`) ". - "VALUES ('". $_GET["PSIDXML"]. "', ". - "'". $_GET["DateXML"]. "', ". - "'". $DateEnd. "', ". - "'". $_GET["LenXML"]. "', ". - "'". $_GET["RIDXML"]. "', ". - "'". mysql_escape_string($_GET["ManXML"]). "', ". - "'". $_GET["URLXML"]. "'". - ");"; - } - else - { - echo "Aenderung, am Schedule '". $_GET["PSIDXML"]. "' (SID ". - mysql_result( $Erg1, 0, "SID"). ")"; - $SQL= "UPDATE `Shifts` SET ". - "`DateS` = '". $_GET["DateXML"]. "', ". - "`DateE` = '". $DateEnd. "', ". - "`Len` = '". $_GET["LenXML"]. "', ". - "`RID` = '". $_GET["RIDXML"]. "', ". - "`Man` = '". 
mysql_escape_string($_GET["ManXML"]). "', ". - "`URL`= '". $_GET["URLXML"]. "' ". - "WHERE `PSID` = '". $_GET["PSIDXML"]. "' LIMIT 1;"; - } - $Erg = mysql_query($SQL, $con); - if( $Erg ) - { - echo ", war erfogreich<br>\n"; + if( isset($_GET["PSIDXML"]) && + isset($_GET["DateXML"]) && + isset($_GET["RIDXML"]) && + isset($_GET["LenXML"]) && + isset($_GET["ManXML"]) && + isset($_GET["URLXML"]) ) + { + //erzeuge von `DateE` + $TimeStart = substr( $_GET["DateXML"], 11, 2) + (substr($_GET["DateXML"], 14, 2)/60); + $TimeEnd = ($_GET["LenXML"] + $TimeStart) * 60; + $TimeM = $TimeEnd % 60; + $TimeH = ($TimeEnd - $TimeM)/60; + if( $TimeH>=24 ) + { + $TimeH -= 24; + $DateEnd = substr($_GET["DateXML"], 0, 8). + (substr($_GET["DateXML"], 8, 2)+1). " "; + } + else + $DateEnd = substr($_GET["DateXML"], 0, 11); + $DateEnd .= "$TimeH:$TimeM:00"; + + //Namen ermitteln + $_GET["RIDXML"] = $RoomName[$_GET["RIDXML"]]; + + //Update OR insert ? + $SQL1 = "Select `SID` FROM `Shifts` WHERE `PSID`='". $_GET["PSIDXML"]. "';"; + $Erg1 = mysql_query($SQL1, $con); + + if( mysql_num_rows($Erg1)==0) + { + echo "Aenderung, am Schedule '". $_GET["PSIDXML"]. "'"; + $SQL= "INSERT INTO `Shifts` (`PSID`, `DateS`, `DateE`, `Len`, `RID`, `Man`, `URL`) ". + "VALUES ('". $_GET["PSIDXML"]. "', ". + "'". $_GET["DateXML"]. "', ". + "'". $DateEnd. "', ". + "'". $_GET["LenXML"]. "', ". + "'". $_GET["RIDXML"]. "', ". + "'". mysql_escape_string($_GET["ManXML"]). "', ". + "'". $_GET["URLXML"]. "'". + ");"; + } + else + { + echo "Aenderung, am Schedule '". $_GET["PSIDXML"]. "' (SID ". + mysql_result( $Erg1, 0, "SID"). ")"; + $SQL= "UPDATE `Shifts` SET ". + "`DateS` = '". $_GET["DateXML"]. "', ". + "`DateE` = '". $DateEnd. "', ". + "`Len` = '". $_GET["LenXML"]. "', ". + "`RID` = '". $_GET["RIDXML"]. "', ". + "`Man` = '". mysql_escape_string($_GET["ManXML"]). "', ". + "`URL`= '". $_GET["URLXML"]. "' ". + "WHERE `PSID` = '". $_GET["PSIDXML"]. 
"' LIMIT 1;"; + } + $Erg = mysql_query($SQL, $con); + if( $Erg ) + { + echo ", war erfogreich<br />\n"; - //SID auslesen - $SQL1 = "Select `SID` FROM `Shifts` WHERE `PSID`='". $_GET["PSIDXML"]. "';"; - $Erg1 = mysql_query($SQL1, $con); - $newSID = mysql_result($Erg1, 0, 0); + //SID auslesen + $SQL1 = "Select `SID` FROM `Shifts` WHERE `PSID`='". $_GET["PSIDXML"]. "';"; + $Erg1 = mysql_query($SQL1, $con); + $newSID = mysql_result($Erg1, 0, 0); - // erstellt ein Array der Reume - $sql2 = "SELECT * FROM `Room` ". - "WHERE `RID`='".$_GET["RIDXML"]. "' ". - "ORDER BY `Number`, `Name`;"; - $Erg2 = mysql_query( $sql2, $con); - for( $j=0; $j<mysql_num_fields( $Erg2); $j++) - { - if( substr( mysql_field_name($Erg2, $j), 0, 12)=="DEFAULT_EID_" ) - { - // extract db values - $EngelNeeded = mysql_result($Erg2, 0, $j); - $EngelTypeID = substr( mysql_field_name($Erg2, $j), 12); + // erstellt ein Array der Reume + $sql2 = "SELECT * FROM `Room` ". + "WHERE `RID`='".$_GET["RIDXML"]. "' ". + "ORDER BY `Number`, `Name`;"; + $Erg2 = mysql_query( $sql2, $con); + for( $j=0; $j<mysql_num_fields( $Erg2); $j++) + { + if( substr( mysql_field_name($Erg2, $j), 0, 12)=="DEFAULT_EID_" ) + { + // extract db values + $EngelNeeded = mysql_result($Erg2, 0, $j); + $EngelTypeID = substr( mysql_field_name($Erg2, $j), 12); - // chech exist shifts - $sqlShifts = "SELECT * FROM `ShiftEntry` ". - "WHERE `SID`='". $newSID. "' AND ". - "`TID` = '". $EngelTypeID. "';"; - $ErgShifts = mysql_query( $sqlShifts, $con); - $EngelNeeded_Exist = mysql_num_rows( $ErgShifts); - - // check for not empty shifts - $sqlShiftsNotEmpty = "SELECT * FROM `ShiftEntry` ". - "WHERE `SID`='". $newSID. "' AND ". - "`TID` = '". $EngelTypeID. "' AND ". - "`UID` != 0 ;"; - $ErgShiftsNotEmpty = mysql_query( $sqlShiftsNotEmpty, $con); - $EngelNeeded_NotEmpty = mysql_num_rows( $ErgShiftsNotEmpty); - - // Angel create/delte? - if( $EngelNeeded > $EngelNeeded_Exist) - { - echo "---->Create Shifts for engeltype: ". TID2Type($EngelTypeID). 
" ". - ($EngelNeeded-$EngelNeeded_Exist). "x<br>\n------>\n"; - for( $i=0; $i < ($EngelNeeded-$EngelNeeded_Exist); $i++ ) - { - $SQL3 = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (". - "'". $newSID. "', ". - "'". $EngelTypeID. "');"; - $Erg3 = mysql_query($SQL3, $con); - if ($Erg3 == 1) - echo "pass "; - else - echo "fail <u>". mysql_error($con). - "</u>($SQL3)<br>\n"; - } - echo "<br>\n"; - } - else if ($EngelNeeded < $EngelNeeded_Exist) - { - if( $EngelNeeded > $EngelNeeded_NotEmpty) - { - $EngelMin = $EngelNeeded; - } - else - { - $EngelMin = $EngelNeeded_NotEmpty; - echo "---> WARING ". $EngelNeeded_NotEmpty. - " shift is used, can't del ". TID2Type($EngelTypeID). " shifts\t"; - } + // chech exist shifts + $sqlShifts = "SELECT * FROM `ShiftEntry` ". + "WHERE `SID`='". $newSID. "' AND ". + "`TID` = '". $EngelTypeID. "';"; + $ErgShifts = mysql_query( $sqlShifts, $con); + $EngelNeeded_Exist = mysql_num_rows( $ErgShifts); + + // check for not empty shifts + $sqlShiftsNotEmpty = "SELECT * FROM `ShiftEntry` ". + "WHERE `SID`='". $newSID. "' AND ". + "`TID` = '". $EngelTypeID. "' AND ". + "`UID` != 0 ;"; + $ErgShiftsNotEmpty = mysql_query( $sqlShiftsNotEmpty, $con); + $EngelNeeded_NotEmpty = mysql_num_rows( $ErgShiftsNotEmpty); + + // Angel create/delte? + if( $EngelNeeded > $EngelNeeded_Exist) + { + echo "---->Create Shifts for engeltype: ". TID2Type($EngelTypeID). " ". + ($EngelNeeded-$EngelNeeded_Exist). "x<br />\n------>\n"; + for( $i=0; $i < ($EngelNeeded-$EngelNeeded_Exist); $i++ ) + { + $SQL3 = "INSERT INTO `ShiftEntry` (`SID`, `TID`) VALUES (". + "'". $newSID. "', ". + "'". $EngelTypeID. "');"; + $Erg3 = mysql_query($SQL3, $con); + if ($Erg3 == 1) + echo "pass "; + else + echo "fail <u>". mysql_error($con). + "</u>($SQL3)<br />\n"; + } + echo "<br />\n"; + } + else if ($EngelNeeded < $EngelNeeded_Exist) + { + if( $EngelNeeded > $EngelNeeded_NotEmpty) + { + $EngelMin = $EngelNeeded; + } + else + { + $EngelMin = $EngelNeeded_NotEmpty; + echo "---> WARING ". 
$EngelNeeded_NotEmpty. + " shift is used, can't del ". TID2Type($EngelTypeID). " shifts"; + } - echo "---->Delete empty Shifts for engeltype: ". TID2Type($EngelTypeID). " ". - ($EngelNeeded_Exist-$EngelMin)."x<br>\n------>\n"; - for( $i=$EngelMin; $i<$EngelNeeded_Exist; $i++ ) - { - $SQL3 = "DELETE FROM `ShiftEntry` ". - "WHERE `SID` = ". $newSID. " AND ". - "`TID` = ". $EngelTypeID. " AND ". - "`UID` = 0 ". - "LIMIT 1;"; - $Erg3 = mysql_query($SQL3, $con); - if ($Erg3 == 1) - echo "pass "; - else - echo "fail <u>". mysql_error($con). - "</u>($SQL3)<br>\n"; - } - echo "<br>\n"; - } - else - { -// echo "---->Nothing to do, for engeltype: ". TID2Type($EngelTypeID). "<br>\n"; - } - } - } + echo "---->Delete empty Shifts for engeltype: ". TID2Type($EngelTypeID). " ". + ($EngelNeeded_Exist-$EngelMin)."x<br />\n------>\n"; + for( $i=$EngelMin; $i<$EngelNeeded_Exist; $i++ ) + { + $SQL3 = "DELETE FROM `ShiftEntry` ". + "WHERE `SID` = ". $newSID. " AND ". + "`TID` = ". $EngelTypeID. " AND ". + "`UID` = 0 ". + "LIMIT 1;"; + $Erg3 = mysql_query($SQL3, $con); + if ($Erg3 == 1) + echo "pass "; + else + echo "fail <u>". mysql_error($con). + "</u>($SQL3)<br />\n"; + } + echo "<br />\n"; + } + else + { +// echo "---->Nothing to do, for engeltype: ". TID2Type($EngelTypeID). "<br />\n"; + } + } + } - } - else - echo ", war <u>nicht</u> erfogreich.(". - mysql_error($con). ")<br>[$SQL]<br>\n"; - } - else - echo "Fehler in den Parametern!<br>"; + } + else + echo ", war <u>nicht</u> erfogreich.(". + mysql_error($con). ")<br />[$SQL]<br />\n"; + } + else + echo "Fehler in den Parametern!<br />"; } /*SaveSchedule*/ if( isset($_GET["ScheduleUpdate"])) - SaveSchedule(); + SaveSchedule(); //INIT Status counter $DS_OK = 0; 
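Review bot: SaveSchedule() builds its SELECT, INSERT and UPDATE on `Shifts` by concatenating `$_GET["PSIDXML"]`, `$_GET["DateXML"]`, `$_GET["LenXML"]` and `$_GET["URLXML"]` into quoted SQL literals without escaping; only `ManXML` goes through `mysql_escape_string()`. The function runs whenever `ScheduleUpdate` is set on the request, so each of these values needs the same treatment, for example `"'". mysql_real_escape_string($_GET["PSIDXML"], $con). "', ".`, with `LenXML` cast to a number first. `$_GET["RIDXML"]` is overwritten with `$RoomName[$_GET["RIDXML"]]` without an isset() check, so an unknown room name should be rejected before any query is built. The failure branches here and in the ShiftEntry insert and delete loops echo `mysql_error($con)` together with the full statement to the page, which belongs in a log.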
@@ -182,127 +182,127 @@ $Where = ""; //ausgabe echo "<table border=\"0\">\n"; echo "<tr><th>PSID</th><th>Date</th>". - "<th>Room</th><th>Len</th><th>Name</th><th>state</th></tr>\n"; + "<th>Room</th><th>Len</th><th>Name</th><th>state</th></tr>\n"; echo "<tr align=\"center\"><td>XML - DB</td><td>XML - DB</td>". - "<td>XML - DB</td><td>XML - DB</td><td>XML - DB</td><td></td></tr>\n"; + "<td>XML - DB</td><td>XML - DB</td><td>XML - DB</td><td></td></tr>\n"; if( $EnableSchudle) foreach($XMLmain->sub as $EventKey => $Event) { - if( $Event->name == "VEVENT") - { - echo "<form action=\"dbUpdateFromXLS.php\">\n"; - echo "\t<tr>\n"; - - $PSIDXML = getXMLsubData( $Event, "UID"); - $DateXML = - substr( getXMLsubData( $Event, "DTSTART"), 0, 4). "-". - substr( getXMLsubData( $Event, "DTSTART"), 4, 2). "-". - substr( getXMLsubData( $Event, "DTSTART"), 6, 2). " ". - substr( getXMLsubData( $Event, "DTSTART"), 9, 2). ":". - substr( getXMLsubData( $Event, "DTSTART"), 11,2). ":00"; - $LenXML = substr( getXMLsubData( $Event, "DURATION"), 0, 2) + ( substr( getXMLsubData( $Event, "DURATION"), 3, 2)/60); - $RIDXML = getXMLsubData( $Event, "LOCATION"); - $ManXML = getXMLsubData( $Event, "SUMMARY"); - $URLXML = getXMLsubData( $Event, "URL"); - - if( isset($_GET["UpdateALL"])) - { - $_GET["PSIDXML"] = $PSIDXML; - $_GET["DateXML"] = $DateXML; - $_GET["LenXML"] = $LenXML; - $_GET["RIDXML"] = $RIDXML; - $_GET["ManXML"] = $ManXML; - $_GET["URLXML"] = $URLXML; - SaveSchedule(); - } - - $SQL = "SELECT * FROM `Shifts` WHERE `PSID`='$PSIDXML'"; - $Erg = mysql_query($SQL, $con); - if(mysql_num_rows($Erg)>0) - { - $SIDDB = mysql_result($Erg, 0, "SID"); - $PSIDDB = mysql_result($Erg, 0, "PSID"); - $TimeDB = mysql_result($Erg, 0, "DateS"); - $LenDB = mysql_result($Erg, 0, "Len"); - if( isset($RoomID[mysql_result($Erg, 0, "RID")])) - $RIDDB = $RoomID[mysql_result($Erg, 0, "RID")]; - else - $RIDDB = "RID". 
mysql_result($Erg, 0, "RID"); - - $ManDB = mysql_result($Erg, 0, "Man"); - $URLDB = mysql_result($Erg, 0, "URL"); - } - else - $SIDDB = $PSIDDB = $TimeDB = $LenDB = $RIDDB = $ManDB = $URLDB = ""; + if( $Event->name == "VEVENT") + { + echo "<form action=\"dbUpdateFromXLS.php\">\n"; + echo "<tr>\n"; + + $PSIDXML = getXMLsubData( $Event, "UID"); + $DateXML = + substr( getXMLsubData( $Event, "DTSTART"), 0, 4). "-". + substr( getXMLsubData( $Event, "DTSTART"), 4, 2). "-". + substr( getXMLsubData( $Event, "DTSTART"), 6, 2). " ". + substr( getXMLsubData( $Event, "DTSTART"), 9, 2). ":". + substr( getXMLsubData( $Event, "DTSTART"), 11,2). ":00"; + $LenXML = substr( getXMLsubData( $Event, "DURATION"), 0, 2) + ( substr( getXMLsubData( $Event, "DURATION"), 3, 2)/60); + $RIDXML = getXMLsubData( $Event, "LOCATION"); + $ManXML = getXMLsubData( $Event, "SUMMARY"); + $URLXML = getXMLsubData( $Event, "URL"); + + if( isset($_GET["UpdateALL"])) + { + $_GET["PSIDXML"] = $PSIDXML; + $_GET["DateXML"] = $DateXML; + $_GET["LenXML"] = $LenXML; + $_GET["RIDXML"] = $RIDXML; + $_GET["ManXML"] = $ManXML; + $_GET["URLXML"] = $URLXML; + SaveSchedule(); + } + + $SQL = "SELECT * FROM `Shifts` WHERE `PSID`='$PSIDXML'"; + $Erg = mysql_query($SQL, $con); + if(mysql_num_rows($Erg)>0) + { + $SIDDB = mysql_result($Erg, 0, "SID"); + $PSIDDB = mysql_result($Erg, 0, "PSID"); + $TimeDB = mysql_result($Erg, 0, "DateS"); + $LenDB = mysql_result($Erg, 0, "Len"); + if( isset($RoomID[mysql_result($Erg, 0, "RID")])) + $RIDDB = $RoomID[mysql_result($Erg, 0, "RID")]; + else + $RIDDB = "RID". mysql_result($Erg, 0, "RID"); + + $ManDB = mysql_result($Erg, 0, "Man"); + $URLDB = mysql_result($Erg, 0, "URL"); + } + else + $SIDDB = $PSIDDB = $TimeDB = $LenDB = $RIDDB = $ManDB = $URLDB = ""; - echo "\t<td><input name=\"PSIDXML\" type=\"text\" value=\"$PSIDXML\" size=\"2\" eadonly></td>\n"; - echo "\t<td><input name=\"DateXML\" type=\"text\" value=\"$DateXML\" size=\"17\" readonly>\n\t\t". 
- "<input name=\"DateDB\" type=\"text\" value=\"$TimeDB\" size=\"17\" readonly></td>\n"; - echo "\t<td><input name=\"RIDXML\" type=\"text\" value=\"$RIDXML\" size=\"15\" readonly>\n\t\t". - "<input name=\"RIDDB\" type=\"text\" value=\"$RIDDB\" size=\"15\" readonly></td>\n"; - echo "\t<td><input name=\"LenXML\" type=\"text\" value=\"$LenXML\" size=\"1\"readonly>\n\t\t". - "<input name=\"LenDB\" type=\"text\" value=\"$LenDB\" size=\"1\"readonly></td>\n"; - echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"$ManXML\" size=\"40\"readonly>\n\t\t". - "<input name=\"ManDB\" type=\"text\" value=\"$ManDB\" size=\"40\"readonly></td>\n"; - echo "\t<td><input name=\"URLXML\" type=\"hidden\" value=\"$URLXML\"></td>\n"; - echo "\t<td><input name=\"URLDB\" type=\"hidden\" value=\"$URLDB\"></td>\n"; - if( !( $PSIDXML==$PSIDDB && - $DateXML==$TimeDB && - $RIDXML==$RIDDB && - $LenXML==$LenDB && - $ManXML==$ManDB && - $URLXML==$URLDB) ) - { - echo "\t<td><input type=\"submit\" name=\"ScheduleUpdate\" value=\"update\"></td>\n"; - $DS_KO++; - } - else - { - echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n"; - $DS_OK++; - } - echo "\t</tr>\n"; - echo "</form>\n"; - $Where.= " OR `PSID`='$PSIDXML'"; - } + echo "<td><input name=\"PSIDXML\" type=\"text\" value=\"$PSIDXML\" size=\"2\" eadonly></td>\n"; + echo "<td><input name=\"DateXML\" type=\"text\" value=\"$DateXML\" size=\"17\" readonly>\n". + "<input name=\"DateDB\" type=\"text\" value=\"$TimeDB\" size=\"17\" readonly></td>\n"; + echo "<td><input name=\"RIDXML\" type=\"text\" value=\"$RIDXML\" size=\"15\" readonly>\n". + "<input name=\"RIDDB\" type=\"text\" value=\"$RIDDB\" size=\"15\" readonly></td>\n"; + echo "<td><input name=\"LenXML\" type=\"text\" value=\"$LenXML\" size=\"1\"readonly>\n". 
+ "<input name=\"LenDB\" type=\"text\" value=\"$LenDB\" size=\"1\"readonly></td>\n"; + echo "<td><input name=\"ManXML\" type=\"text\" value=\"$ManXML\" size=\"40\"readonly>\n". + "<input name=\"ManDB\" type=\"text\" value=\"$ManDB\" size=\"40\"readonly></td>\n"; + echo "<td><input name=\"URLXML\" type=\"hidden\" value=\"$URLXML\"></td>\n"; + echo "<td><input name=\"URLDB\" type=\"hidden\" value=\"$URLDB\"></td>\n"; + if( !( $PSIDXML==$PSIDDB && + $DateXML==$TimeDB && + $RIDXML==$RIDDB && + $LenXML==$LenDB && + $ManXML==$ManDB && + $URLXML==$URLDB) ) + { + echo "<td><input type=\"submit\" name=\"ScheduleUpdate\" value=\"update\"></td>\n"; + $DS_KO++; + } + else + { + echo "<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n"; + $DS_OK++; + } + echo "</tr>\n"; + echo "</form>\n"; + $Where.= " OR `PSID`='$PSIDXML'"; + } } echo "<tr><td colspan=\"6\">status: $DS_KO/$DS_OK nicht Aktuel.</td></tr>\n"; //Anzeige von nicht im XML File vorkommende entraege if( $Where =="") - $SQL2 = "SELECT * FROM `Shifts` WHERE NOT `PSID`='';"; + $SQL2 = "SELECT * FROM `Shifts` WHERE NOT `PSID`='';"; else - $SQL2 = "SELECT * FROM `Shifts` WHERE NOT (".substr( $Where, 4). ") AND NOT PSID = '';"; - + $SQL2 = "SELECT * FROM `Shifts` WHERE NOT (".substr( $Where, 4). ") AND NOT PSID = '';"; + $Erg2 = mysql_query($SQL2, $con); echo mysql_error($con); if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB ) - for( $i=0; $i<mysql_num_rows( $Erg2); $i++) - { - echo "\t<tr>\n"; - $SID = mysql_result($Erg2, $i, "SID"); - $Time = mysql_result($Erg2, $i, "DateS"); - $Len = mysql_result($Erg2, $i, "Len"); - if( isset($RoomID[ mysql_result($Erg2, $i, "RID")])) - $RID = $RoomID[ mysql_result($Erg2, $i, "RID")]; - else - $RID = "RID.". 
mysql_result($Erg2, $i, "RID"); - $Man = mysql_result($Erg2, $i, "Man"); - echo "\t<td><input name=\"SIDXML\" type=\"text\" value=\"$SID\" size=\"2\" eadonly></td>\n"; - echo "\t<td><input name=\"DateXML\" type=\"text\" value=\"\" size=\"17\" readonly>\n\t\t". - "<input name=\"DateDB\" type=\"text\" value=\"$Time\" size=\"17\" readonly></td>\n"; - echo "\t<td><input name=\"RIDXML\" type=\"text\" value=\"\" size=\"15\" readonly>\n\t\t". - "<input name=\"RIDDB\" type=\"text\" value=\"$RID\" size=\"15\" readonly></td>\n"; - echo "\t<td><input name=\"LenXML\" type=\"text\" value=\"\" size=\"1\"readonly>\n\t\t". - "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n"; - echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t". - "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n"; - echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). - "</td>\n"; - echo "\t<tr>\n"; - } + for( $i=0; $i<mysql_num_rows( $Erg2); $i++) + { + echo "<tr>\n"; + $SID = mysql_result($Erg2, $i, "SID"); + $Time = mysql_result($Erg2, $i, "DateS"); + $Len = mysql_result($Erg2, $i, "Len"); + if( isset($RoomID[ mysql_result($Erg2, $i, "RID")])) + $RID = $RoomID[ mysql_result($Erg2, $i, "RID")]; + else + $RID = "RID.". mysql_result($Erg2, $i, "RID"); + $Man = mysql_result($Erg2, $i, "Man"); + echo "<td><input name=\"SIDXML\" type=\"text\" value=\"$SID\" size=\"2\" eadonly></td>\n"; + echo "<td><input name=\"DateXML\" type=\"text\" value=\"\" size=\"17\" readonly>\n". + "<input name=\"DateDB\" type=\"text\" value=\"$Time\" size=\"17\" readonly></td>\n"; + echo "<td><input name=\"RIDXML\" type=\"text\" value=\"\" size=\"15\" readonly>\n". + "<input name=\"RIDDB\" type=\"text\" value=\"$RID\" size=\"15\" readonly></td>\n"; + echo "<td><input name=\"LenXML\" type=\"text\" value=\"\" size=\"1\"readonly>\n". 
+ "<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n"; + echo "<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n". + "<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n"; + echo "<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit"). + "</td>\n"; + echo "<tr>\n"; + } echo "</table>"; diff --git a/includes/funktionen.php b/includes/funktionen.php deleted file mode 100755 index d841e6ec..00000000 --- a/includes/funktionen.php +++ /dev/null @@ -1,26 +0,0 @@ -<?php - -/* Schichtverplanung im Adminbereich */ -function Dsubstr($DateString,$re) { - if ($re==1) - return substr($DateString, 0, 2); - elseif ($re==2) - return substr($DateString, 3, 2); - else - return substr($DateString, 6, 4); -} - -/* Schichtverplanung im Engelbereich */ - -function engeldate($edate,$m) { - if ($m==t) - return substr($edate, 8, 2); - elseif ($m==m) - return substr($edate, 5, 2); - elseif ($m==u) - return substr($edate, 11, 5); - else - return substr($edate, 0, 4); -} - -?> diff --git a/includes/header.php b/includes/header.php index e5d97a0c..9cd2e51d 100755..100644 --- a/includes/header.php +++ b/includes/header.php 
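Review bot: The comparison table writes database values (`$TimeDB`, `$RIDDB`, `$LenDB`, `$ManDB`, `$URLDB`, and `$SID`, `$Time`, `$RID`, `$Len`, `$Man` in the second loop) into `value=\"...\"` attributes without HTML escaping. `Man` and `URL` are stored by SaveSchedule() from request parameters, so a quote or tag in them would break out of the attribute when this page is rendered; each should be passed through `htmlspecialchars($ManDB, ENT_QUOTES)` before it is echoed. The `PSIDXML` and `SIDXML` inputs carry the attribute `eadonly`, which browsers ignore, where `readonly` is meant. The row in the second loop is also closed with `echo "<tr>\n";` instead of `</tr>`.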
@@ -1,137 +1,102 @@ -<?PHP -include ("header_start.php"); +<?php +include "header_start.php"; -echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"; +echo "<!DOCTYPE html>\n"; ?> -<HTML> -<HEAD> -<?PHP - -echo "<TITLE>--- $title ---</TITLE>\n"; -?> -<meta name="keywords" content="Engel, Himmelsverwaltung"> -<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> -<meta http-equiv="Content-Style-Type" content="text/css"> -<meta http-equiv="expires" content="0"> -<meta name="robots" content="index"> -<meta name="revisit-after" content="1 days"> -<meta http-equiv="content-language" content="de"> -<script type="text/javascript" src="<?PHP echo $url. $ENGEL_ROOT; ?>/css/grossbild.js"></script> -<link rel=stylesheet type="text/css" href="<?PHP echo $url. $ENGEL_ROOT; ?>css/style<?PHP - if (!IsSet($_SESSION['color'])) - echo "6"; - else - echo $_SESSION['color']; - ?>.css"> -<?PHP -if (isset($reload)) -{ - if ($reload=="") - { - $reload=3330; - } - echo "\n<meta http-equiv=\"refresh\" content=\"".$reload. - "; URL=./?reload=".$reload."\">\n"; +<html> +<head> + +<title><?php echo $title; ?> - Engelsystem</title> +<meta charset="UTF-8" /> +<meta http-equiv="content-type" content="text/html;charset=utf-8" /> +<meta name="content-style-type" content="text/css" /> +<meta name="keywords" content="Engel, Himmelsverwaltung" /> +<meta http-equiv="Content-Style-Type" content="text/css" /> +<meta http-equiv="expires" content="0" /> +<meta name="robots" content="index" /> +<meta name="revisit-after" content="1 days" /> +<script type="text/javascript" src="css/grossbild.js"></script> +<link rel="stylesheet" type="text/css" href="css/base.css" /> +<link rel="stylesheet" type="text/css" href="css/style<?php echo isset($_SESSION['color']) ? $_SESSION['color'] : $default_theme ?>.css" /> +<link rel="stylesheet" type="text/css" href="../css/base.css" /> +<link rel="stylesheet" type="text/css" href="../css/style<?php echo isset($_SESSION['color']) ? 
$_SESSION['color'] : $default_theme ?>.css" /> + +<?php +if (isset ($reload)) { + if ($reload == "") + $reload = 3330; + + echo "\n<meta http-equiv=\"refresh\" content=\"" . $reload . "; URL=./?reload=" . $reload . "\">\n"; } -if (isset($Page["AutoReload"])) -{ - echo "\n<meta http-equiv=\"refresh\" content=\"". $Page["AutoReload"]. - "; URL=". $url. $ENGEL_ROOT. $Page["Name"]."\">\n"; -} +if (isset ($Page["AutoReload"])) + echo "\n<meta http-equiv=\"refresh\" content=\"" . $Page["AutoReload"] . + "; URL=" . $url . $ENGEL_ROOT . $Page["Name"] . "\">\n"; -echo "</HEAD>\n"; +echo "</head>\n"; ///////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////// B O D Y ///////////////////////////////////////////////////////////////////////////////////////////// -echo "<BODY>\n"; - -echo "<div name=\"topic\" align=\"center\">\n\n"; - -if( isset($_SESSION['color']) && ($_SESSION['color']==6) ) -{ - echo "\t<a name=\"#top\"><img src=\"". $url. $ENGEL_ROOT. "pic/himmel_w.png\" alt=\"Unser Himmel\"></a>\n"; -} -else -{ - echo "\t<a name=\"#top\"><img src=\"". $url. $ENGEL_ROOT. "pic/himmel.png\" alt=\"Unser Himmel\"></a>\n"; -} -echo "</div>\n\n"; +echo "<body class=\"background\">\n"; +echo '<header><a href="' . $url . $ENGEL_ROOT . '" id="logo"></a></header>'; //ausgabe new message -if( isset($_SESSION['CVS']["nonpublic/messages.php"])) -{ - if( $_SESSION['CVS']["nonpublic/messages.php"] == "Y") - { - $SQL = "SELECT `Datum` FROM `Messages` WHERE `RUID`=". $_SESSION["UID"]. " AND `isRead`='N'"; - $erg = mysql_query($SQL, $con); - if( mysql_num_rows( $erg ) > 0 ) - echo "<br><a href=\"". $url. $ENGEL_ROOT. - "nonpublic/messages.php\">". Get_Text("pub_messages_new1"). - " ". mysql_num_rows( $erg ). " ". - Get_Text("pub_messages_new2"). 
"</a><br><br>"; - } +if (isset ($_SESSION['CVS']["nonpublic/messages.php"])) { + if ($_SESSION['CVS']["nonpublic/messages.php"] == "Y") { + $SQL = "SELECT `Datum` FROM `Messages` WHERE `RUID`=" . $_SESSION["UID"] . " AND `isRead`='N'"; + $erg = mysql_query($SQL, $con); + if (mysql_num_rows($erg) > 0) + echo "<br /><a href=\"" . $url . $ENGEL_ROOT . + "nonpublic/messages.php\">" . Get_Text("pub_messages_new1") . + " " . mysql_num_rows($erg) . " " . + Get_Text("pub_messages_new2") . "</a><br /><br />"; + } } ?> -<table width="95%" align="center" border="0" cellpadding="7" cellspacing="0"> - <tr> -<?PHP +<div id="body"> +<div id="menu"> +<?php + + //ausgaeb Menu -if( !isset($_SESSION['Menu'])) $_SESSION['Menu'] = "L"; -if( $_SESSION['Menu'] =="L") include("menu.php"); +if (!isset ($_SESSION['Menu'])) + $_SESSION['Menu'] = "L"; +if ($_SESSION['Menu'] == "L") + include ("menu.php"); ?> +</div> +<div id="content" class="container"> +<?php - <td valign="top" align="center"> -<table border="0" width="100%" align="center" class="border" cellpadding="5" cellspacing="1"> - <tr class="contenttopic"> - <td> -<?PHP - echo "\t<a name=\"#$header\" class=\"contenttopic\">"; - if( strlen( $header) == 0 ) - echo "\n\t<b>". Get_Text($Page["Name"]). "</b></a>\n"; - else - echo "\n\t<b>$header</b></a>\n"; -?> - </td> - </tr> - <tr class="content"> - <td> -<br> -<?php -echo "\n\n\n"; - -if (IsSet($_SESSION['UID'])) { - if( isset($_SESSION['oldurl'])) +echo '<h1>' . (strlen($header) == 0 ? Get_Text($Page["Name"]) : $header) . 
'</h1>'; +echo '<article class="content">'; + +if (isset ($_SESSION['UID'])) { + if (isset ($_SESSION['oldurl'])) $BACKUP_SESSION_OLDURL = $_SESSION['oldurl']; - if( isset($_SESSION['newurl'])) + if (isset ($_SESSION['newurl'])) $_SESSION['oldurl'] = $_SESSION['newurl']; $_SESSION['newurl'] = $_SERVER["REQUEST_URI"]; -} - +} -function SetHeaderGo2Back () -{ +function SetHeaderGo2Back() { global $BACKUP_SESSION_OLDURL; $_SESSION['oldurl'] = $BACKUP_SESSION_OLDURL; } +if ($Page["CVS"] != "Y") { + echo "Du besitzt kein Rechte für diesen Bereich.<br />\n"; -if ( $Page["CVS"] != "Y" ) -{ - echo "Du besitzt kein Rechte für diesen Bereich.<br>\n"; - If (IsSet($_SESSION['oldurl'])) - echo "<a href=\"". $_SESSION["oldurl"]. "\">".Get_Text("back")."</a> geht's zurück...\n"; + if (isset ($_SESSION['oldurl'])) + echo "<a href=\"" . $_SESSION["oldurl"] . "\">hier</a> gehts zurück...\n"; else - echo "<a href=\"". $url. $ENGEL_ROOT. "\">".Get_Text("back")."</a> geht's zurück...\n"; - exit (); + echo "<a href=\"" . $url . $ENGEL_ROOT . "\">hier</a> geht's zurück...\n"; + + exit (); } ?> - <!-- ende des header parts //--> - - - diff --git a/includes/header_start.php b/includes/header_start.php deleted file mode 100755 index 997fa94e..00000000 --- a/includes/header_start.php +++ /dev/null 
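Review bot: `$_SESSION["oldurl"]` is written into an `href` attribute without HTML encoding in the no-permission branch at the end of this hunk, and a few lines earlier it is filled from `$_SESSION['newurl']`, which is set to `$_SERVER["REQUEST_URI"]`. The request URI is chosen by whoever built the link the user followed, so the value should be encoded for the attribute context when it is printed: `echo "<a href=\"" . htmlspecialchars($_SESSION["oldurl"], ENT_QUOTES) . "\">hier</a> gehts zurück...\n";`. The same question applies to `$title` inside `<title>` and to `$reload` in the meta refresh tag, if either can carry request data; where they are set is not visible in this hunk.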
@@ -1,50 +0,0 @@ -<?PHP -ini_set( "session.gc_maxlifetime", "65535"); - -include ("config.php"); -include ("error_handler.php"); -include ("config_db.php"); -include ("funktion_lang.php"); -include ("funktion_faq.php"); //für noAnswer() im menu -include ("funktion_menu.php"); -include ("funktion_user.php"); - - -if( isset($SystemDisableMessage) && ( strlen($SystemDisableMessage)>0) ) -{ - echo "<HTML>\n". - "<BODY>\n". $SystemDisableMessage. "\n<BODY>\n". - "</HTML>"; - die(); -} - -if( !isset($_SESSION)) -{ - session_start(); -} -include ("secure.php"); - -if( !isset($_SESSION['IP'])) -{ - $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; -} - -if (IsSet($_SESSION['UID']) and ($_SESSION['IP'] <> $_SERVER['REMOTE_ADDR'])) -{ - session_destroy (); - header("Location: $url". $ENGEL_ROOT ); -} - -include ("UserCVS.php"); - - -//UPdate LASTlogin -if( isset($_SESSION['UID'])) -{ - $SQLlastLogIn = "UPDATE `User` SET ". - "`lastLogIn` = '". gmdate("Y-m-j H:i:s", time()). "'". - " WHERE `UID` = '". $_SESSION['UID']. "' LIMIT 1;"; - mysql_query ($SQLlastLogIn, $con); -} - -?> diff --git a/includes/login_eingabefeld.php b/includes/login_eingabefeld.php deleted file mode 100755 index bed1a2fd..00000000 --- a/includes/login_eingabefeld.php +++ /dev/null @@ -1,18 +0,0 @@ -<?PHP -include ("config.php"); - -echo "<form action=\"". $url. $ENGEL_ROOT. "nonpublic/index.php\" method=\"post\">"; -echo "<table>\n". - "\t<tr>". - "\t\t<td align=\"right\">". Get_Text("index_lang_nick"). "</td>". - "\t\t<td><input type=\"text\" name=\"user\" size=\"23\"></td>". - "\t</tr>". - "\t<tr>". - "\t\t<td align=\"right\">". Get_Text("index_lang_pass"). "</td>". - "\t\t<td><input type=\"password\" name=\"password\" size=\"23\"></td>". - "\t</tr>". - "</table>". - "<br><input type=\"submit\" value=\"". Get_Text("index_lang_send"). "\">"; -echo "</form>"; - - diff --git a/includes/menu.php b/includes/menu.php deleted file mode 100755 index 6133b856..00000000 --- a/includes/menu.php +++ /dev/null 
@@ -1,63 +0,0 @@ - -<!-- anfang des menue parts //--> - <td width="160" valign="top"> -<?PHP -$MenueTableStart=" -<table align=\"center\" class=\"border\" cellpadding=\"3\" cellspacing=\"1\"> - <tr> - <td width=\"160\" class=\"menu\"> -"; -$MenueTableEnd=" - <br> - </td> - </tr> -</table><br> -"; - -ShowMenu(""); -ShowMenu("nonpublic"); -ShowMenu("admin"); - -if( !isset($submenus)) - $submenus = 0; - -if ($submenus >= 1 ) { - $inc_name=$_SERVER['PHP_SELF']; - $filenamepos=strrpos($inc_name, '/'); - $filenamepos+=1; - $filename = substr ($inc_name, $filenamepos ); - $filepost = substr ($filename, 0, -4); - $filepre = substr ($filename, -4 ); - $verzeichnis = substr ($inc_name, 0 , $filenamepos); - - for ($index_nummer=1; $index_nummer <= $submenus; $index_nummer++) { -?> -<table align="center" class="border" cellpadding="3" cellspacing="1"> - <tr> - <td width="160" class="menu"> - <?php include ("./".$filepost.".".$index_nummer.$filepre); ?> - </td> - </tr> -</table> - -<br> -<?PHP - } -} - -if( isset($_SESSION['UID'])) -{ -?> -<table align="center" class="border" cellpadding="3" cellspacing="1"> - <tr> - <td width="160" class="menu"> - <?php include("funktion_activeUser.php"); ?> - </td> - </tr> -</table> -<?PHP -} -?> - </td> - -<!-- ende des menue parts //--> diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php new file mode 100644 index 00000000..c5283899 --- /dev/null +++ b/includes/pages/admin_angel_types.php 
@@ -0,0 +1,96 @@ +<?php + +function admin_angel_types() { + $html = ""; + if (!isset ($_REQUEST['action'])) { + + $table = ""; + $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + + foreach ($angel_types as $angel_type) + $table .= sprintf( + '<tr><td>%s</td><td>%s</td><td>' + . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>', + $angel_type['Name'], $angel_type['Man'], + page_link_to("admin_angel_types"), + $angel_type['TID'] + ); + + $html .= template_render('../templates/admin_angel_types.html', array ( + 'link' => page_link_to("admin_angel_types"), + 'table' => $table + )); + + } else { + + switch ($_REQUEST['action']) { + + case 'create' : + $name = strip_request_item("name"); + $man = strip_request_item("man"); + + sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'"); + + header("Location: " . page_link_to("admin_angel_types")); + break; + + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing AngelType ID."); + + $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); + if (count($angel_type) > 0) { + list ($angel_type) = $angel_type; + + $html .= template_render( + '../templates/admin_angel_types_edit_form.html', array ( + 'link' => page_link_to("admin_angel_types"), + 'id' => $id, + 'name' => $angel_type['Name'], + 'man' => $angel_type['Man'] + )); + } else + return error("No Angel Type found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing AngelType ID."); + + $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . 
" LIMIT 1"); + if (count($angel_type) > 0) { + list ($angel_type) = $angel_type; + + $name = strip_request_item("name"); + $man = strip_request_item("man"); + + sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_angel_types")); + } else + return error("No Angel Type found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing AngelType ID."); + + $angel_type = sql_select("SELECT * FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); + if (count($angel_type) > 0) { + sql_query("DELETE FROM `AngelTypes` WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `RoomAngelTypes` WHERE `angel_type_id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_angel_types")); + } else + return error("No Angel Type found."); + break; + } + } + + return $html; +} +?> diff --git a/includes/pages/admin_faq.php b/includes/pages/admin_faq.php new file mode 100644 index 00000000..b8ba1a64 --- /dev/null +++ b/includes/pages/admin_faq.php 
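Review bot: The `create`, `save` and `delete` branches of `admin_angel_types()` modify or remove rows based only on `$_REQUEST['action']`, so they also run on a plain GET, and no anti-CSRF token is checked anywhere in the function. Any cross-site request made by a logged-in administrator's browser would therefore be accepted as a legitimate change. Take the action from `$_POST` for the state-changing cases and compare a per-session token before calling `sql_query()`; whether the page dispatcher already performs such a check is not visible here. The same pattern is in `admin_faq()` and `admin_groups()` in the following hunks.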
@@ -0,0 +1,105 @@ +<?php +function admin_faq() { + if (!isset ($_REQUEST['action'])) { + $faqs_html = ""; + $faqs = sql_select("SELECT * FROM `FAQ`"); + foreach ($faqs as $faq) { + $faqs_html .= sprintf( + '<tr><td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' + . '<td> <dl><dt>%s</dt><dd>%s</dd></dl> </td>' + . '<td><a href="%s&action=edit&id=%s">Edit</a></td></tr>', + $faq['Frage_de'], $faq['Antwort_de'], + $faq['Frage_en'], $faq['Antwort_en'], + page_link_to('admin_faq'), $faq['FID'] + ); + } + return template_render('../templates/admin_faq.html', array ( + 'link' => page_link_to("admin_faq"), + 'faqs' => $faqs_html + )); + } else { + switch ($_REQUEST['action']) { + case 'create' : + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); + $question = strip_request_item_nl('question'); + $answer = strip_request_item_nl('answer'); + + sql_query("INSERT INTO `FAQ` SET `Frage_de`='" . sql_escape($frage) + . "', `Frage_en`='" . sql_escape($question) + . "', `Antwort_de`='" . sql_escape($antwort) + . "', `Antwort_en`='" . sql_escape($answer) + . "'" + ); + + header("Location: " . page_link_to("admin_faq")); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + $frage = strip_request_item_nl('frage'); + $antwort = strip_request_item_nl('antwort'); + $question = strip_request_item_nl('question'); + $answer = strip_request_item_nl('answer'); + + sql_query("UPDATE `FAQ` SET `Frage_de`='" . sql_escape($frage) + . "', `Frage_en`='" . sql_escape($question) + . "', `Antwort_de`='" . sql_escape($antwort) + . "', `Antwort_en`='" . sql_escape($answer) + . "' WHERE `FID`=" . sql_escape($id) . " LIMIT 1" + ); + + header("Location: " . 
page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + return template_render('../templates/admin_faq_edit_form.html', array ( + 'link' => page_link_to("admin_faq"), + 'id' => $id, + 'frage' => $faq['Frage_de'], + 'antwort' => $faq['Antwort_de'], + 'question' => $faq['Frage_en'], + 'answer' => $faq['Antwort_en'] + )); + } else + return error("No FAQ found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing FAQ ID."); + + $faq = sql_select("SELECT * FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + if (count($faq) > 0) { + list ($faq) = $faq; + + sql_query("DELETE FROM `FAQ` WHERE `FID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_faq")); + } else + return error("No FAQ found."); + break; + } + } +} +?> diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php new file mode 100644 index 00000000..770f09b4 --- /dev/null +++ b/includes/pages/admin_groups.php 
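Review bot: The list view puts `$faq['Frage_de']`, `$faq['Antwort_de']`, `$faq['Frage_en']` and `$faq['Antwort_en']` into the table markup through `sprintf()` with no HTML encoding, so whatever `create` or `save` stored is rendered as markup for every admin who opens the page. Unless `strip_request_item_nl()`, which is defined outside this hunk, already removes or encodes HTML, each value should be wrapped at output, e.g. `htmlspecialchars($faq['Frage_de'], ENT_QUOTES)`. If FAQ answers are meant to carry markup, that should be an explicit allow-list of tags rather than raw output. The `Name` and `Man` columns in `admin_angel_types()` and the group and privilege names in `admin_groups()` are printed the same way.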
@@ -0,0 +1,91 @@ +<?php +function admin_groups() { + global $user; + + $html = ""; + $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); + if (!isset ($_REQUEST["action"])) { + $groups_html = ""; + foreach ($groups as $group) { + $groups_html .= sprintf( + '<tr><td>%s</td>', + $group['Name'] + ); + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); + + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; + + $groups_html .= sprintf( + '<td>%s</td>' + . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>', + join(', ', $privileges_html), + page_link_to("admin_groups"), + $group['UID'] + ); + } + + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= sprintf( + '<tr><td><input type="checkbox" ' + . 'name="privileges[]" value="%s" %s />' + . '</td> <td>%s</td> <td>%s</td></tr>', + $priv['id'], + ($priv['group_id'] != "" + ? 
'checked="checked"' + : ''), + $priv['name'], + $priv['desc'] + ); + + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + foreach ($_REQUEST['privileges'] as $priv) + if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found."); + break; + } + } + return $html; +} +?> diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php new file mode 100644 index 00000000..6523050c --- /dev/null +++ b/includes/pages/admin_import.php 
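Review bot: In the `save` branch `$_REQUEST['privileges']` is passed to `is_array()` without first checking that the key exists, and a form submitted with every checkbox cleared sends no `privileges` field at all, so the ordinary "remove all privileges" case raises an undefined-index notice. Guard it with `if (!isset($_REQUEST['privileges']) || !is_array($_REQUEST['privileges']))`. Since this branch rewrites a group's whole privilege set, a short comment above the `DELETE` stating that the existing rows are replaced rather than merged would help the next reader.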
@@ -0,0 +1,253 @@ +<?php +function admin_import() { + global $Room, $RoomID, $RoomName; + global $PentabarfGetWith, $PentabarfXMLpath, $PentabarfXMLhost; + + require_once ("includes/funktion_xml.php"); + /////////// + // DEBUG // + /////////// + $ShowDataStrukture = 0; + $EnableRoomFunctions = 1; + $EnableRooms = 1; + $EnableSchudleFunctions = 1; + $EnableSchudle = 1; + $EnableSchudleDB = 1; + + CreateRoomArrays(); + + $html = ""; + + /*############################################################################################## + F I L E + ##############################################################################################*/ + $html .= "\n\n<br />\n<h1>XML File:</h1>\n"; + if (isset ($_POST["PentabarfUser"]) && isset ($_POST["password"]) && isset ($_POST["PentabarfURL"])) { + $html .= "Update XCAL-File from Pentabarf.."; + if ($PentabarfGetWith == "fsockopen") { + + //backup error messeges and delate + $Backuperror_messages = $error_messages; + $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 30); + // $error_messages = $Backuperror_messages; + + if (!$fp) { + $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!" . + "[$errstr ($errno)]</h2>"; + } else { + if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) { + $head = 'GET /' . $PentabarfXMLpath . $_POST["PentabarfURL"] . ' HTTP/1.1' . "\r\n" . + 'Host: ' . $PentabarfXMLhost . "\r\n" . + 'User-Agent: Engelsystem' . "\r\n" . + 'Authorization: Basic ' . + base64_encode($_POST["PentabarfUser"] . ':' . $_POST["password"]) . "\r\n" . + "\r\n"; + fputs($fp, $head); + $Zeilen = -1; + while (!feof($fp)) { + $Temp = fgets($fp, 1024); + + // ende des headers + if ($Temp == "f20\r\n") { + $Zeilen = 0; + $Temp = ""; + } + + //file ende? 
+ if ($Temp == "0\r\n") + break; + + if (($Zeilen > -1) && ($Temp != "ffb\r\n")) { + //steuerzeichen ausfiltern + if (strpos("#$Temp", "\r\n") > 0) + $Temp = substr($Temp, 0, strlen($Temp) - 2); + if (strpos("#$Temp", "1005") > 0) + $Temp = ""; + if (strpos("#$Temp", "783") > 0) + $Temp = ""; + //schreiben in file + fputs($fileOut, $Temp); + $Zeilen++; + } + } + fclose($fileOut); + + $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />"; + } else + $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>"; + fclose($fp); + } + } + elseif ($PentabarfGetWith == "fopen") { + //user uns password in url einbauen + $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" . + $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"]; + + if (($fileIn = fopen($FileNameIn, "r")) != FALSE) { + if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) { + $Zeilen = 0; + while (!feof($fileIn)) { + $Zeilen++; + fputs($fileOut, fgets($fileIn)); + } + fclose($fileOut); + $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />"; + } else + $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>"; + fclose($fileIn); + } else + $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>"; + } + elseif ($PentabarfGetWith == "wget") { + $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " . + "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . + " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" . + " --no-check-certificate"; + $html .= system($Command, $Status); + if ($Status == 0) + $html .= "OK.<br />"; + else + $html .= "fail ($Status)($Command).<br />"; + } + elseif ($PentabarfGetWith == "lynx") { + $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " . + "https://$PentabarfXMLhost/$PentabarfXMLpath" . 
$_POST["PentabarfURL"] . " > $Tempdir/engelXML"; + $html .= system($Command, $Status); + if ($Status == 0) + $html .= "OK.<br />"; + else + $html .= "fail ($Status)($Command).<br />"; + } + elseif ($PentabarfGetWith == "fopen") { + //user uns password in url einbauen + $FileNameIn = "https://" . $_POST["PentabarfUser"] . ':' . $_POST["password"] . "@" . + $PentabarfXMLhost . "/" . $PentabarfXMLpath . $_POST["PentabarfURL"]; + + if (($fileIn = fopen($FileNameIn, "r")) != FALSE) { + if (($fileOut = fopen("$Tempdir/engelXML", "w")) != FALSE) { + $Zeilen = 0; + while (!feof($fileIn)) { + $Zeilen++; + fputs($fileOut, fgets($fileIn)); + } + fclose($fileOut); + $html .= "<br />Es wurden $Zeilen Zeilen eingelesen<br />"; + } else + $html .= "<h2>fail: File '$Tempdir/engelXML' not writeable!</h2>"; + fclose($fileIn); + } else + $html .= "<h2>fail: File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . "' not readable!</h2>"; + } + elseif ($PentabarfGetWith == "wget") { + $Command = "wget --http-user=" . $_POST["PentabarfUser"] . " --http-passwd=" . $_POST["password"] . " " . + "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . + " --output-file=$Tempdir/engelXMLwgetLog --output-document=$Tempdir/engelXML" . + " --no-check-certificate"; + $html .= system($Command, $Status); + if ($Status == 0) + $html .= "OK.<br />"; + else + $html .= "fail ($Status)($Command).<br />"; + } + elseif ($PentabarfGetWith == "lynx") { + $Command = "lynx -auth=" . $_POST["PentabarfUser"] . ":" . $_POST["password"] . " -dump " . + "https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"] . 
" > $Tempdir/engelXML"; + $html .= system($Command, $Status); + if ($Status == 0) + $html .= "OK.<br />"; + else + $html .= "fail ($Status)($Command).<br />"; + } else + $html .= "<h1>The PentabarfGetWith='$PentabarfGetWith' not supported</h1>"; + } else { + $html .= "<form action=\"dbUpdateFromXLS.php\" method=\"post\">\n"; + $html .= "<table border=\"0\">\n"; + $html .= "\t<tr><td>XCAL-File: https://$PentabarfXMLhost/$PentabarfXMLpath</td>" . + "<td><input name=\"PentabarfURL\" type=\"text\" size=\"4\" maxlength=\"5\" " . + "value=\"$PentabarfXMLEventID\"></td></tr>\n"; + $html .= "\t<tr><td>Username:</td>" . + "<td><input name=\"PentabarfUser\" type=\"text\" size=\"30\" maxlength=\"30\"></td></tr>\n"; + $html .= "\t<tr><td>Password:</td>" . + "<td><input name=\"password\" type=\"password\" size=\"30\" maxlength=\"30\"></td></tr>\n"; + $html .= "\t<tr><td></td><td><input type=\"submit\" name=\"FileUpload\" value=\"upload\"></td></tr>\n"; + $html .= "</table>\n"; + $html .= "</form>\n"; + } + + //readXMLfile("xml.php.xml"); + if (readXMLfile("../import/27C3_sample.xcs.xml") == 0) { + $XMLmain = getXMLsubPease($XMLmain, "VCALENDAR"); + + if ($ShowDataStrukture) { + $html .= "<pre><br />"; + $html .= $XMLmain->name; + $html .= "<br />"; + print_r(array_values($XMLmain->sub)); + $html .= "</pre>"; + } + + /* + $html .= "<br />"; + $Feld=7; + $html .= "$Feld#". $XMLmain->sub[$Feld]->name. "<br />"; + $html .= "$Feld#". $XMLmain->sub[$Feld]->sub; + //print_r(array_values ($XMLmain->sub[$Feld]->sub)); + while(list($key, $value) = each($XMLmain->sub[$Feld]->sub)) + $html .= "?ID".$value->sub[1]->data. "=". $value->sub[2]->data. 
"\n"; + $html .= "</pre>"; + */ + + /*############################################################################################## + V e r s i o n + ##############################################################################################*/ + + $html .= "<hr>\n"; + $XMLrelease = getXMLsubPease($XMLmain, "X-WR-CALDESC"); + $html .= "release: " . $XMLrelease->data . "<br />\n"; + //$XMLreleaseDate = getXMLsubPease( $XMLmain, "RELEASE-DATE"); + //$html .= "release date: ". $XMLreleaseDate->data. "<br />\n"; + $html .= "<hr>\n"; + + /*############################################################################################## + V e r s i o n + ##############################################################################################*/ + if ($EnableRoomFunctions) + include ("includes/funktion_xml_room.php"); + + if ($EnableSchudleFunctions) + include ("includes/funktion_xml_schudle.php"); + + /*############################################################################################## + U P D A T E A L L + ##############################################################################################*/ + $html .= "\n\n<br />\n<h1>Update ALL:</h1>\n"; + + $html .= "<form action=\"dbUpdateFromXLS.php\">\n"; + $html .= "\t<input type=\"submit\" name=\"UpdateALL\" value=\"now\">\n"; + $html .= "</form>\n"; + + } //if XMLopenOOK + return $html; +} + +/*############################################################################################## + erstellt Arrays der Reume + ##############################################################################################*/ +function CreateRoomArrays() { + global $Room, $RoomID, $RoomName, $con; + + $sql = "SELECT `RID`, `Name` FROM `Room` " . + "WHERE `Show`='Y'" . 
+ "ORDER BY `Number`, `Name`;"; + $Erg = mysql_query($sql, $con); + $rowcount = mysql_num_rows($Erg); + + for ($i = 0; $i < $rowcount; $i++) { + $Room[$i]["RID"] = mysql_result($Erg, $i, "RID"); + $Room[$i]["Name"] = mysql_result($Erg, $i, "Name"); + $RoomID[mysql_result($Erg, $i, "RID")] = mysql_result($Erg, $i, "Name"); + $RoomName[mysql_result($Erg, $i, "Name")] = mysql_result($Erg, $i, "RID"); + } +} +?> + diff --git a/includes/pages/admin_language.php b/includes/pages/admin_language.php new file mode 100644 index 00000000..749cd643 --- /dev/null +++ b/includes/pages/admin_language.php 
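Review bot: The `wget` and `lynx` branches of `admin_import()` build `$Command` by concatenating `$_POST["PentabarfUser"]`, `$_POST["password"]` and `$_POST["PentabarfURL"]` into a string that is handed to `system()`, so shell metacharacters in any of the three fields are interpreted by the shell. Each value should go through `escapeshellarg()`, and `PentabarfURL` should additionally be limited to digits, since the form appears to treat it as an event ID. The failure path also appends `$Command`, password included, to `$html`; print only `$Status` there. Both branches occur twice in the `elseif` chain and the second copies can never be reached, so the rewritten lines below are for the first copies.

```php
// wget branch
$Command = "wget --http-user=" . escapeshellarg($_POST["PentabarfUser"]) .
    " --http-passwd=" . escapeshellarg($_POST["password"]) . " " .
    escapeshellarg("https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"]) .
    " --output-file=" . escapeshellarg("$Tempdir/engelXMLwgetLog") .
    " --output-document=" . escapeshellarg("$Tempdir/engelXML") .
    " --no-check-certificate";
// … unchanged: system() call and status check …
$html .= "fail ($Status).<br />"; // no longer echoes $Command, which holds the password

// lynx branch
$Command = "lynx -auth=" . escapeshellarg($_POST["PentabarfUser"] . ":" . $_POST["password"]) .
    " -dump " . escapeshellarg("https://$PentabarfXMLhost/$PentabarfXMLpath" . $_POST["PentabarfURL"]) .
    " > " . escapeshellarg("$Tempdir/engelXML");
// … unchanged: system() call and status check …
$html .= "fail ($Status).<br />";
```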
@@ -0,0 +1,110 @@ +<?php +function admin_language() { + global $user; + + $html = ""; + if (!isset ($_POST["TextID"])) { + $html .= Get_Text("Hello") . $user['Nick'] . ", <br />\n"; + $html .= Get_Text("pub_sprache_text1") . "<br /><br />\n"; + + $html .= "<a href=\"" . page_link_to("admin_language") . "&ShowEntry=y\">" . Get_Text("pub_sprache_ShowEntry") . "</a>"; + // ausgabe Tabellenueberschift + $SQL_Sprachen = "SELECT `Sprache` FROM `Sprache` GROUP BY `Sprache`;"; + $erg_Sprachen = sql_query($SQL_Sprachen); + + for ($i = 0; $i < mysql_num_rows($erg_Sprachen); $i++) + $Sprachen[mysql_result($erg_Sprachen, $i, "Sprache")] = $i; + + $html .= "\t<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>"; + $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_TextID") . "</b></td>"; + foreach ($Sprachen as $Name => $Value) + $html .= "<td class=\"contenttopic\"><b>" . + Get_Text("pub_sprache_Sprache") . " " . $Name . + "</b></td>"; + $html .= "\t\t<td class=\"contenttopic\"><b>" . Get_Text("pub_sprache_Edit") . "</b></td>"; + $html .= "\t\t</tr>"; + + if (isset ($_GET["ShowEntry"])) { + // ausgabe eintraege + $SQL = "SELECT * FROM `Sprache` ORDER BY `TextID`;"; + $erg = sql_query($SQL); + + $TextID_Old = mysql_result($erg, 0, "TextID"); + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + $TextID_New = mysql_result($erg, $i, "TextID"); + if ($TextID_Old != $TextID_New) { + $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; + $html .= "<tr class=\"content\">\n"; + $html .= "\t\t<td>$TextID_Old " . 
+ "<input name=\"TextID\" type=\"hidden\" value=\"$TextID_Old\"> </td>\n"; + + foreach ($Sprachen as $Name => $Value) { + $Value = html_entity_decode($Value, ENT_QUOTES); + $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Value</textarea></td>\n"; + $Sprachen[$Name] = ""; + } + + $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; + $html .= "</tr>"; + $html .= "</form>\n"; + $TextID_Old = $TextID_New; + } + $Sprachen[mysql_result($erg, $i, "Sprache")] = mysql_result($erg, $i, "Text"); + } /*FOR*/ + } + + //fuer neu eintraege + $html .= "<form action=\"" . page_link_to("admin_language") . "\" method=\"post\">"; + $html .= "<tr class=\"content\">\n"; + $html .= "\t\t<td><input name=\"TextID\" type=\"text\" size=\"40\" value=\"new\"> </td>\n"; + + foreach ($Sprachen as $Name => $Value) + $html .= "\t\t<td><textarea name=\"$Name\" cols=\"22\" rows=\"8\">$Name Text</textarea></td>\n"; + + $html .= "\t\t<td><input type=\"submit\" value=\"Save\"></td>\n"; + $html .= "</tr>"; + $html .= "</form>\n"; + + $html .= "</table>\n"; + } /*if( !isset( $TextID ) )*/ + else { + $html .= "edit: " . $_POST["TextID"] . "<br /><br />"; + foreach ($_POST as $k => $v) { + if ($k != "TextID") { + $sql_test = "SELECT * FROM `Sprache` " . + "WHERE `TextID`='" . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" + . sql_escape($k) . "'"; + + $erg_test = sql_query($sql_test); + + if (mysql_num_rows($erg_test) == 0) { + $sql_save = "INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) " . + "VALUES ('" . sql_escape($_POST["TextID"]) . "', '" + . sql_escape($k) . "', '" + . sql_escape($v) . "')"; + + $html .= $sql_save . "<br />"; + $Erg = sql_query($sql_save); + $html .= success("$k Save: OK<br />\n"); + } else + if (mysql_result($erg_test, 0, "Text") != $v) { + $sql_save = "UPDATE `Sprache` SET `Text`='" + . sql_escape($v) . "' " . + "WHERE `TextID`='" + . sql_escape($_POST["TextID"]) + . "' AND `Sprache`='" . sql_escape($k) . "' "; + + $html .= $sql_save . 
"<br />"; + $Erg = sql_query($sql_save); + $html .= success(" $k Update: OK<br />\n"); + } else + $html .= "\t $k no changes<br />\n"; + } + } + + } + return $html; +} +?> + diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php new file mode 100644 index 00000000..2798b2cf --- /dev/null +++ b/includes/pages/admin_log.php 
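Review bot: `$_POST["TextID"]` is appended to `$html` as `"edit: " . $_POST["TextID"]` with no HTML encoding, and each `$sql_save` string, which embeds the posted `TextID`, key and text, is appended as well, so posted content is reflected straight back into the admin page. `sql_escape()`, judging by its use here, only prepares the values for the query and does nothing for the HTML context. Encode the ID at output with `$html .= "edit: " . htmlspecialchars($_POST["TextID"], ENT_QUOTES) . "<br /><br />";` and drop the two `$html .= $sql_save . "<br />";` lines, which look like leftover debugging. In the list view the stored text goes through `html_entity_decode()` before it is placed inside `<textarea>`, which has the same effect for stored values.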
@@ -0,0 +1,76 @@ +<?php +function admin_log() { + require_once ("includes/funktion_db_list.php"); + + $html = ""; + $SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000"; + $Erg = sql_query($SQL); + + if (mysql_num_rows($Erg) > 0) { + $html .= "<table border=1>\n"; + $html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n"; + for ($n = 0; $n < mysql_num_rows($Erg); $n++) { + $html .= "<tr>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n"; + $html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n"; + $html .= "</tr>\n"; + } + $html .= "</table>\n"; + } else { + $html .= "Log is empty..."; + } + $html .= "<hr />"; + + $html .= "<h1>Web Counter</h1>"; + $html .= funktion_db_list("Counter"); + + /* + $html .= "<h1>Raeume</h1> <br />"; + funktion_db_list("Raeume"); + + $html .= "<h1>Schichtbelegung</h1> <br />"; + funktion_db_list("Schichtbelegung"); + + $html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:"; + funktion_db_list("Schichtplan"); + + $html .= "<h1>User</h1> <br />"; + funktion_db_list("User"); + + $html .= "<h1>News</h1> <br />"; + funktion_db_list("News"); + + $html .= "<h1>FAQ</h1> <br />"; + funktion_db_list("FAQ"); + + $html .= "Deaktiviert"; + */ + + $html .= "<hr>\n"; + $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`"); + $html .= "<br />\n"; + $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`"); + $html .= "<br />\n"; + $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' 
GROUP BY `Size`"); + + $html .= "<hr>\n"; + $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); + $html .= "<br />\n"; + $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); + + $html .= "<hr>\n"; + $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)"); + $html .= "<br />\n"; + $html .= funktion_db_element_list_2row("Geleisteter Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)"); + + $html .= "<hr>\n"; + $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)"); + $html .= "<br />\n"; + $html .= funktion_db_element_list_2row("Geleisteter Arbeit (Ohne Raum aufabau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)"); + + return $html; +} +?> + diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php new file mode 100644 index 00000000..2c6e1f45 --- /dev/null +++ b/includes/pages/admin_news.php 
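Review bot: In the `for` loop of `admin_log()` the `Commend` and `SQLCommad` columns are written into table cells without output encoding, and a log of SQL statements presumably contains text that users typed, so stored markup would be rendered in the admin's browser. Encode at the point of output, e.g. `$html .= "\t<td>" . htmlspecialchars(mysql_result($Erg, $n, "SQLCommad"), ENT_QUOTES, 'UTF-8') . "</td>\n";`, and do the same for `Commend`. The loop condition also calls `mysql_num_rows($Erg)` on every iteration; reading it once into a local before the loop is cheaper and easier to read.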
@@ -0,0 +1,87 @@ +<?php +function admin_news() { + global $user; + + if (!isset ($_GET["action"])) { + header("Location: " . page_link_to("news")); + } else { + $html = ""; + switch ($_GET["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; + + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; + + $html .= "<table>\n"; + $html .= " <tr><td>Datum</td><td>" . + date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n"; + $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" . + $news["Betreff"] . "\"></td></tr>\n"; + $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . + $news["Text"] . "</textarea></td></tr>\n"; + $html .= " <tr><td>Engel</td><td>" . + UID2Nick($news["UID"]) . "</td></tr>\n"; + $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "</td></tr>\n"; + $html .= "</table>"; + + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n"; + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . 
"\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + } else + return error("No News found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + } + } + return $html; +} +?>
\ No newline at end of file diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php new file mode 100644 index 00000000..0e4469d5 --- /dev/null +++ b/includes/pages/admin_questions.php 
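Review bot: In the `edit` case of `admin_news()`, `$news["Betreff"]` and `$news["Text"]` are concatenated straight into the `value="…"` attribute and the `<textarea>`, so a subject containing a double quote or a text containing `</textarea>` ends the field early and the rest is parsed as markup. Both should be encoded where they are written, e.g. `htmlspecialchars($news["Betreff"], ENT_QUOTES, 'UTF-8')`. Separately, the `delete` case names the table `news` in lowercase while every other query in the function uses `News`; on a server with case-sensitive table names that DELETE would fail. When `action` is missing, `$html` is never initialised before the final `return $html`, so a `return "";` directly after the `header()` call would be cleaner.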
@@ -0,0 +1,85 @@ +<?php +function admin_new_questions() { + global $user, $privileges; + + if (in_array("admin_questions", $privileges)) { + $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0"); + + if ($new_messages > 0) + return '<p class="notice"><a href="' . page_link_to("admin_questions") . '">There are unanswered questions!</a></p><hr />'; + } + + return ""; +} + +function admin_questions() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $open_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0"); + foreach ($questions as $question) + $open_questions .= template_render( + '../templates/admin_question_unanswered.html', array ( + 'question_nick' => UID2Nick($question['UID']), + 'question_id' => $question['QID'], + 'link' => page_link_to("admin_questions"), + 'question' => str_replace("\n", '<br />', $question['Question']) + )); + + $answered_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0"); + + foreach ($questions as $question) + $answered_questions .= template_render( + '../templates/admin_question_answered.html', array ( + 'question_id' => $question['QID'], + 'question_nick' => UID2Nick($question['UID']), + 'question' => str_replace("\n", "<br />", $question['Question']), + 'answer_nick' => UID2Nick($question['AID']), + 'answer' => str_replace("\n", "<br />", $question['Answer']), + 'link' => page_link_to("admin_questions"), + )); + + return template_render('../templates/admin_questions.html', array ( + 'link' => page_link_to("admin_questions"), + 'open_questions' => $open_questions, + 'answered_questions' => $answered_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'answer' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . 
" LIMIT 1"); + if (count($question) > 0 && $question[0]['AID'] == "0") { + $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer']))); + + if ($answer != "") { + sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_questions")); + } else + return error("Please enter an answer!"); + } else + return error("No question found."); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + if (count($question) > 0) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("admin_questions")); + } else + return error("No question found."); + break; + } + } +} +?> diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php new file mode 100644 index 00000000..be54b8ea --- /dev/null +++ b/includes/pages/admin_rooms.php 
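Review bot: The `answer` and `delete` branches of `admin_questions()` take all input from `$_REQUEST` and no request token is checked anywhere in this hunk, so unless the dispatcher outside this file enforces it, a state change can be triggered by a plain GET request made on behalf of a logged-in admin. A minimal guard at the top of the `else` branch would be `if ($_SERVER['REQUEST_METHOD'] != 'POST') return error("Invalid request.");`, combined with a per-session token in the forms. Neither branch returns after `header("Location: …")`, so the function falls through and returns nothing; `return "";` after the redirect makes that explicit. `$question['Question']` and `$question['Answer']` reach `template_render()` with only newlines replaced, and whether they get encoded depends on template code that is not visible here.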
@@ -0,0 +1,143 @@ +<?php +function admin_rooms() { + global $user; + + $html = ""; + $rooms = sql_select("SELECT * FROM `Room` ORDER BY `Number`, `Name`"); + if (!isset ($_REQUEST["action"])) { + $html .= "Hallo " . $user['Nick'] . + ",<br />\nhier hast du die Möglichkeit, neue Räume für die Schichtpläne einzutragen " . + "oder vorhandene abzuändern:<br /><br />\n"; + + // Räume auflisten + if (count($rooms) > 0) { + $html .= '<table><thead><tr>'; + + $html .= "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + $html .= "<tr class=\"contenttopic\">\n"; + + // Tabellenüberschriften generieren + foreach ($rooms[0] as $attr => $tmp) + if ($attr != 'RID') + $html .= '<th>' . $attr . '</th>'; + $html .= '<th> </th>'; + $html .= '</tr></thead><tbody>'; + + foreach ($rooms as $i => $room) { + $html .= '<tr>'; + foreach ($room as $attr => $value) + if ($attr != 'RID') + $html .= '<td>' . $value . '</td>'; + $html .= '<td><a href="' . page_link_to("admin_rooms") . '&action=change&RID=' . $room['RID'] . '">Edit</a></td>'; + $html .= '</tr>'; + } + + $html .= '</tbody></table>'; + } + $html .= "<hr /><a href=\"" . page_link_to("admin_rooms") . "&action=new\">Neuen Raum/Ort eintragen</a><br />\n"; + } else { + switch ($_REQUEST["action"]) { + + case 'new' : + $html .= template_render('../templates/admin_rooms_new_form.html', array ( + 'link' => page_link_to("admin_rooms") + )); + break; + + case 'newsave' : + $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); + $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); + $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf'])); + $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); + $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); + sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . 
"', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "'"); + header("Location: " . page_link_to("admin_rooms")); + break; + + case 'change' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + + $angel_types = ""; + foreach ($room_angel_types as $room_angel_type) { + if ($room_angel_type['count'] == "") + $room_angel_type['count'] = "0"; + $angel_types .= '<tr><td>' . $room_angel_type['Name'] . '</td><td><input type="text" name="angel_type_' . $room_angel_type['TID'] . '" value="' . $room_angel_type['count'] . '" /></td></tr>'; + } + + $html .= template_render('../templates/admin_rooms_edit_form.html', array ( + 'link' => page_link_to("admin_rooms"), + 'room_id' => $rid, + 'name' => $room['Name'], + 'man' => $room['Man'], + 'number' => $room['Number'], + 'from_pentabarf_options' => html_options('FromPentabarf', array ( + 'Y' => 'Yes', + 'N' => 'No' + ), $room['FromPentabarf']), + 'show_options' => html_options('Show', array ( + 'Y' => 'Yes', + 'N' => 'No' + ), $room['show']), + 'angel_types' => $angel_types + )); + } else + return error("No Room found."); + break; + + case 'changesave' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + $room = sql_select("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . 
" LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $room_angel_types = sql_select("SELECT * FROM `AngelTypes` LEFT OUTER JOIN `RoomAngelTypes` ON (`AngelTypes`.`TID` = `RoomAngelTypes`.`angel_type_id` AND `RoomAngelTypes`.`room_id`=" . sql_escape($rid) . ") ORDER BY `AngelTypes`.`Name`"); + + $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Name'])); + $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['Man'])); + $from_pentabarf = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['FromPentabarf'])); + $show = preg_replace("/([^YN]{1,})/ui", '', strip_tags($_REQUEST['Show'])); + $number = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['Number'])); + sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($show) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + foreach ($room_angel_types as $room_angel_type) { + if (isset ($_REQUEST['angel_type_' . $room_angel_type['TID']]) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['angel_type_' . $room_angel_type['TID']])) + $count = $_REQUEST['angel_type_' . $room_angel_type['TID']]; + else + $count = "0"; + sql_query("INSERT INTO `RoomAngelTypes` SET `room_id`=" . sql_escape($rid) . ", `angel_type_id`=" . sql_escape($room_angel_type['TID']) . ", `count`=" . sql_escape($count)); + } + header("Location: " . page_link_to("admin_rooms")); + } else + return error("No Room found."); + break; + + case 'delete' : + if (isset ($_REQUEST['RID']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['RID'])) + $rid = $_REQUEST['RID']; + else + return error("Incomplete call, missing Room ID."); + + if (sql_num_query("SELECT * FROM `Room` WHERE `RID`=" . sql_escape($rid) . 
" LIMIT 1") > 0) { + sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($rid) . " LIMIT 1"); + sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid) . " LIMIT 1"); + header("Location: " . page_link_to("admin_rooms")); + } else + return error("No Room found."); + break; + + } + } + return $html; +} +?> diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php new file mode 100644 index 00000000..0399dda8 --- /dev/null +++ b/includes/pages/admin_user.php 
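Review bot: In the `delete` case of `admin_rooms()` the second statement deletes from `RoomAngelTypes` with `LIMIT 1`, although `changesave` inserts one `RoomAngelTypes` row per angel type, so deleting a room leaves orphaned rows behind. Use the same form as `changesave`: ``sql_query("DELETE FROM `RoomAngelTypes` WHERE `room_id`=" . sql_escape($rid));``. In the list view `$attr` and `$value` are written into `<th>`/`<td>` unencoded; `strip_tags()` on save does not remove quotes or `&`, so `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at output is the safer place to handle it. The list also opens `<table><thead><tr>` and then a second `<table …>` and `<tr …>` right after, which leaves unbalanced markup.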
@@ -0,0 +1,324 @@ +<?php +function admin_user() { + global $user; + + include ("includes/funktion_db_list.php"); + + $html = ""; + + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + if (!isset ($_REQUEST['action'])) { + $html .= "Hallo,<br />" . + "hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . + "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . + "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . + "Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . + "bereits sein T-Shirt erhalten hat.<br /><br />\n"; + + $html .= "<form action=\"" . page_link_to("admin_user") . "&action=save&id=$id\" method=\"post\">\n"; + $html .= "<table border=\"0\">\n"; + $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n"; + + $SQL = "SELECT * FROM `User` WHERE `UID`='" . $id . "'"; + $Erg = sql_query($SQL); + + $html .= "<tr><td>\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Nick</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eNick\" value=\"" . + mysql_result($Erg, 0, "Nick") . "\"></td></tr>\n"; + $html .= " <tr><td>lastLogIn</td><td>" . + date("Y-m-d H:i", mysql_result($Erg, 0, "lastLogIn")) . "</td></tr>\n"; + $html .= " <tr><td>Name</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eName\" value=\"" . + mysql_result($Erg, 0, "Name") . "\"></td></tr>\n"; + $html .= " <tr><td>Vorname</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . + mysql_result($Erg, 0, "Vorname") . "\"></td></tr>\n"; + $html .= " <tr><td>Alter</td><td>" . + "<input type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . + mysql_result($Erg, 0, "Alter") . "\"></td></tr>\n"; + $html .= " <tr><td>Telefon</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . + mysql_result($Erg, 0, "Telefon") . 
"\"></td></tr>\n"; + $html .= " <tr><td>Handy</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . + mysql_result($Erg, 0, "Handy") . "\"></td></tr>\n"; + $html .= " <tr><td>DECT</td><td>" . + "<input type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . + mysql_result($Erg, 0, "DECT") . "\"></td></tr>\n"; + $html .= " <tr><td>email</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eemail\" value=\"" . + mysql_result($Erg, 0, "email") . "\"></td></tr>\n"; + $html .= " <tr><td>ICQ</td><td>" . + "<input type=\"text\" size=\"40\" name=\"eICQ\" value=\"" . + mysql_result($Erg, 0, "ICQ") . "\"></td></tr>\n"; + $html .= " <tr><td>jabber</td><td>" . + "<input type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . + mysql_result($Erg, 0, "jabber") . "\"></td></tr>\n"; + $html .= " <tr><td>Size</td><td>" . + html_select_key('size', array ( + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" + ), mysql_result($Erg, 0, "Size")) . "</td></tr>\n"; + + $options = array ( + '1' => "Yes", + '0' => "No" + ); + + // Gekommen? + $html .= " <tr><td>Gekommen</td><td>\n"; + $html .= html_options('eGekommen', $options, mysql_result($Erg, 0, "Gekommen")) . "</td></tr>\n"; + + // Aktiv? + $html .= " <tr><td>Aktiv</td><td>\n"; + $html .= html_options('eAktiv', $options, mysql_result($Erg, 0, "Aktiv")) . "</td></tr>\n"; + + // T-Shirt bekommen? + $html .= " <tr><td>T-Shirt</td><td>\n"; + $html .= html_options('eTshirt', $options, mysql_result($Erg, 0, "Tshirt")) . "</td></tr>\n"; + + $html .= " <tr><td>Hometown</td><td>" . + "<input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . + mysql_result($Erg, 0, "Hometown") . "\"></td></tr>\n"; + + $html .= "</table>\n</td><td valign=\"top\">" . displayavatar($id, false) . 
"</td></tr>"; + + $html .= "</td></tr>\n"; + $html .= "</table>\n<br />\n"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form action=\"" . page_link_to("admin_user") . "&action=change_pw&id=$id\" method=\"post\">\n"; + $html .= "<table>\n"; + $html .= " <tr><td>Passwort</td><td>" . + "<input type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n"; + $html .= " <tr><td>Wiederholung</td><td>" . + "<input type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n"; + + $html .= "</table>"; + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + + $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n"; + $html .= '<table>'; + + list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`"); + list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`"); + + if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) { + $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`"); + foreach ($groups as $group) + $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>'; + + $html .= '</table>'; + + $html .= "<input type=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + } + + $html .= "<form action=\"" . page_link_to("admin_user") . 
"&action=delete&id=" . $id . "\" method=\"post\">\n"; + $html .= "<input type=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + + $html .= "<hr />"; + $html .= funktion_db_element_list_2row("Freeloader Shifts", "SELECT `Remove_Time`, `Length`, `Comment` FROM `ShiftFreeloader` WHERE UID=" . $_REQUEST['id']); + } else { + switch ($_REQUEST['action']) { + case 'save_groups' : + if ($id != $user['UID']) { + list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `uid`"); + list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `uid`"); + + if ($my_highest_group <= $his_highest_group) { + $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`"); + $grouplist = array (); + foreach ($groups as $group) + $grouplist[] = $group['UID']; + + if (!is_array($_REQUEST['groups'])) + $_REQUEST['groups'] = array (); + + sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); + foreach ($_REQUEST['groups'] as $group) + if (in_array($group, $grouplist)) + sql_query("INSERT INTO `UserGroups` SET `uid`=" . + sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $html .= success("Benutzergruppen gespeichert."); + } else { + $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten."); + } + } else { + $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten."); + } + break; + + case 'delete' : + if ($user['UID'] != $id) { + sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); + sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . 
sql_escape($id)); + $html .= success("Benutzer gelöscht!"); + } else { + $html .= error("Du kannst Dich nicht selber löschen!"); + } + break; + + case 'save' : + $SQL = "UPDATE `User` SET "; + $SQL .= " `Nick` = '" . $_POST["eNick"] . "', `Name` = '" . $_POST["eName"] . "', " . + "`Vorname` = '" . $_POST["eVorname"] . "', " . + "`Telefon` = '" . $_POST["eTelefon"] . "', " . + "`Handy` = '" . $_POST["eHandy"] . "', " . + "`Alter` = '" . $_POST["eAlter"] . "', " . + "`DECT` = '" . $_POST["eDECT"] . "', " . + "`email` = '" . $_POST["eemail"] . "', " . + "`ICQ` = '" . $_POST["eICQ"] . "', " . + "`jabber` = '" . $_POST["ejabber"] . "', " . + "`Size` = '" . $_POST["eSize"] . "', " . + "`Gekommen`= '" . $_POST["eGekommen"] . "', " . + "`Aktiv`= '" . $_POST["eAktiv"] . "', " . + "`Tshirt` = '" . $_POST["eTshirt"] . "', " . + "`Hometown` = '" . $_POST["Hometown"] . "' " . + "WHERE `UID` = '" . $id . + "' LIMIT 1;"; + sql_query($SQL); + $html .= success("Änderung wurde gespeichert...\n"); + break; + + case 'change_pw' : + if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { + sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + $html .= success("Passwort neu gesetzt."); + } else { + $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!"); + } + break; + } + } + } else { + // Userliste, keine UID uebergeben... + + $html .= "<a href=\"" . page_link_to("register") . "\">Neuen Engel eintragen »</a><br /><br />\n"; + + if (!isset ($_GET["OrderBy"])) + $_GET["OrderBy"] = "Nick"; + $SQL = "SELECT * FROM `User` ORDER BY `" . sql_escape($_GET["OrderBy"]) . "` ASC"; + $Erg = sql_query($SQL); + + // anzahl zeilen + $Zeilen = mysql_num_rows($Erg); + + $html .= "Anzahl Engel: $Zeilen<br /><br />\n"; + $html .= ' + <table width="100%" class="border" cellpadding="2" cellspacing="1"> <thead> + <tr class="contenttopic"> + <th> + <a href="' . 
page_link_to("admin_user") . '&OrderBy=Nick">Nick</a> + </th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Vorname">Vorname</a> <a href="' . page_link_to("admin_user") . '&OrderBy=Name">Name</a></th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Alter">Alter</a></th> + <th> + <a href="' . page_link_to("admin_user") . '&OrderBy=email">E-Mail</a> + </th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Size">Größe</a></th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Gekommen">Gekommen</a></th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Aktiv">Aktiv</a></th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=Tshirt">T-Shirt</a></th> + <th><a href="' . page_link_to("admin_user") . '&OrderBy=CreateDate">Registriert</a></th> + <th>Änd.</th> + </tr></thead>'; + $Gekommen = 0; + $Active = 0; + $Tshirt = 0; + + for ($n = 0; $n < $Zeilen; $n++) { + $title = ""; + $user_groups = sql_select("SELECT * FROM `UserGroups` JOIN `Groups` ON (`Groups`.`UID` = `UserGroups`.`group_id`) WHERE `UserGroups`.`uid`=" . sql_escape(mysql_result($Erg, $n, "UID")) . " ORDER BY `Groups`.`Name`"); + $groups = array (); + foreach ($user_groups as $user_group) { + $groups[] = $user_group['Name']; + } + $title .= 'Groups: ' . join(", ", $groups) . "<br />"; + if (strlen(mysql_result($Erg, $n, "Telefon")) > 0) + $title .= "Tel: " . mysql_result($Erg, $n, "Telefon") . "<br />"; + if (strlen(mysql_result($Erg, $n, "Handy")) > 0) + $title .= "Handy: " . mysql_result($Erg, $n, "Handy") . "<br />"; + if (strlen(mysql_result($Erg, $n, "DECT")) > 0) + $title .= "DECT: <a href=\"./dect.php?custum=" . mysql_result($Erg, $n, "DECT") . "\">" . + mysql_result($Erg, $n, "DECT") . "</a><br />"; + if (strlen(mysql_result($Erg, $n, "Hometown")) > 0) + $title .= "Hometown: " . mysql_result($Erg, $n, "Hometown") . "<br />"; + if (strlen(mysql_result($Erg, $n, "lastLogIn")) > 0) + $title .= "Last login: " . 
date("Y-m-d H:i", mysql_result($Erg, $n, "lastLogIn")) . "<br />"; + if (strlen(mysql_result($Erg, $n, "Art")) > 0) + $title .= "Type: " . mysql_result($Erg, $n, "Art") . "<br />"; + if (strlen(mysql_result($Erg, $n, "ICQ")) > 0) + $title .= "ICQ: " . mysql_result($Erg, $n, "ICQ") . "<br />"; + if (strlen(mysql_result($Erg, $n, "jabber")) > 0) + $title .= "jabber: " . mysql_result($Erg, $n, "jabber") . "<br />"; + + $html .= "<tr class=\"content\">\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Nick") . "</td>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Vorname") . " " . mysql_result($Erg, $n, "Name") . "</td>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Alter") . "</td>\n"; + $html .= "\t<td>"; + if (strlen(mysql_result($Erg, $n, "email")) > 0) + $html .= "<a href=\"mailto:" . mysql_result($Erg, $n, "email") . "\">" . + mysql_result($Erg, $n, "email") . "</a>"; + $html .= '<div class="hidden">' . $title . '</div>'; + $html .= "</td>\n"; + $html .= "\t<td>" . mysql_result($Erg, $n, "Size") . "</td>\n"; + $Gekommen += mysql_result($Erg, $n, "Gekommen"); + $html .= "\t<td>" . mysql_result($Erg, $n, "Gekommen") . "</td>\n"; + $Active += mysql_result($Erg, $n, "Aktiv"); + $html .= "\t<td>" . mysql_result($Erg, $n, "Aktiv") . "</td>\n"; + $Tshirt += mysql_result($Erg, $n, "Tshirt"); + $html .= "\t<td>" . mysql_result($Erg, $n, "Tshirt") . "</td>\n"; + $html .= "<td>" . mysql_result($Erg, $n, "CreateDate") . "</td>"; + $html .= "\t<td>" . '<a href="' . page_link_to("admin_user") . '&id=' . mysql_result($Erg, $n, "UID") . '">Edit</a>' . + "</td>\n"; + $html .= "</tr>\n"; + } + $html .= "<tr>" . + "<td></td><td></td><td></td><td></td><td></td>" . 
+ "<td>$Gekommen</td><td>$Active</td><td>$Tshirt</td><td></td><td></td></tr>\n"; + $html .= "\t</table>\n"; + // Ende Userliste + + $html .= "<hr /><h2>Statistics</h2>"; + $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); + + $html .= "<br />\n"; + + $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); + + $html .= "<br />\n"; + + $html .= funktion_db_element_list_2row("Used Groups", "SELECT Groups.Name AS 'GroupName', COUNT(Groups.Name) AS Count FROM `UserGroups` " . + "LEFT JOIN `Groups` ON Groups.UID = UserGroups.group_id " . + "WHERE (UserGroups.group_id!='NULL') " . + "GROUP BY `GroupName` " . + ""); + } + return $html; +} +?>
\ No newline at end of file
diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php
new file mode 100644
index 00000000..89f68fde
--- /dev/null
+++ b/includes/pages/guest_credits.php
@@ -0,0 +1,5 @@
+<?php
+function guest_credits() {
+ return template_render('../templates/guest_credits.html', array ());
+}
+?>
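Review bot: In `admin_user()` the `save` case builds its UPDATE by concatenating fifteen `$_POST` values without `sql_escape()`, unlike the `delete`, `change_pw` and `save_groups` cases, so a quote in any profile field changes the statement; each value needs the same escaping (rewritten below). The edit form names the T-shirt select `size` while this case reads `$_POST["eSize"]`, so the stored size looks like it is overwritten with an empty value on every save. In the list branch, `sql_escape($_GET["OrderBy"])` is placed inside backticks as a column name; string escaping is not meant for identifiers, so `OrderBy` should be compared against a fixed list of column names before it is used. The form and list views also print stored fields (`Nick`, `email`, `Hometown`, …) without `htmlspecialchars()`.

```php
case 'save' :
    // Every value arrives from the request body; escape each one like the other write queries in this function.
    $SQL = "UPDATE `User` SET " .
        "`Nick` = '" . sql_escape($_POST["eNick"]) . "', " .
        "`Name` = '" . sql_escape($_POST["eName"]) . "', " .
        "`Vorname` = '" . sql_escape($_POST["eVorname"]) . "', " .
        "`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', " .
        "`Handy` = '" . sql_escape($_POST["eHandy"]) . "', " .
        "`Alter` = '" . sql_escape($_POST["eAlter"]) . "', " .
        "`DECT` = '" . sql_escape($_POST["eDECT"]) . "', " .
        "`email` = '" . sql_escape($_POST["eemail"]) . "', " .
        "`ICQ` = '" . sql_escape($_POST["eICQ"]) . "', " .
        "`jabber` = '" . sql_escape($_POST["ejabber"]) . "', " .
        "`Size` = '" . sql_escape($_POST["eSize"]) . "', " .
        "`Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', " .
        "`Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', " .
        "`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', " .
        "`Hometown` = '" . sql_escape($_POST["Hometown"]) . "' " .
        "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1";
    // … unchanged: sql_query($SQL), success message, break …
```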
\ No newline at end of file
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
new file mode 100644
index 00000000..e639731b
--- /dev/null
+++ b/includes/pages/guest_faq.php
@@ -0,0 +1,24 @@
+<?php
+function guest_faq() {
+ $html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq) {
+ $html .= "<dl>";
+ if ($_SESSION['Sprache'] == "DE") {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_de'],
+ $faq['Antwort_de']
+ );
+ } else {
+ $html .= sprintf(
+ '<dt>%s</dt> <dd>%s</dd>',
+ $faq['Frage_en'],
+ $faq['Antwort_en']
+ );
+ }
+ $html .= "</dl>";
+ }
+ return $html;
+}
+?>
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
new file mode 100644
index 00000000..db20a207
--- /dev/null
+++ b/includes/pages/guest_login.php
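Review bot: The two `sprintf()` branches in `guest_faq()` differ only in the column suffix, and every entry is wrapped in its own `<dl>`; choosing the suffix once with `$lang = ($_SESSION['Sprache'] == "DE") ? "de" : "en";` and emitting a single `<dl>` around the loop would halve the body. The FAQ columns are printed without output encoding, which is acceptable only if FAQ entries are meant to hold trusted HTML. If that is the intent, a comment above the loop should say so, for example `// FAQ text is stored as HTML by admins and is output as-is`; otherwise the four values should go through `htmlspecialchars()`.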
@@ -0,0 +1,269 @@ +<?php + + +// Engel registrieren +function guest_register() { + $html = ""; + $success = "none"; + + if (isset ($_POST["send"])) { + $eNick = trim($_POST["Nick"]); + + if ($_POST["Alter"] == "") + $_POST["Alter"] = 23; + + // user vorhanden? + $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); + + if (strlen($_POST["Nick"]) < 2) + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); + + elseif (count($Ergans) > 0) + $error = Get_Text("makeuser_error_nick1") + . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); + + elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) + $error = Get_Text("makeuser_error_mail"); + + elseif (!is_numeric($_POST["Alter"])) + $error = Get_Text("makeuser_error_Alter"); + + elseif ($_POST["Passwort"] != $_POST["Passwort2"]) + $error = Get_Text("makeuser_error_password1"); + + elseif (strlen($_POST["Passwort"]) < 6) + $error = Get_Text("makeuser_error_password2"); + + else { + $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); + unset ($_POST["Passwort2"]); + + $Erg = sql_query("INSERT INTO `User` (" . + "`Nick` , " . "`Name` , " . + "`Vorname`, " . "`Alter` , " . + "`Telefon`, " . "`DECT`, " . + "`Handy`, " . "`email`, " . + "`ICQ`, " . "`jabber`, " . + "`Size`, " . "`Passwort`, " . + "`Art` , " . "`kommentar`, " . + "`Hometown`," . "`CreateDate`, `Sprache` ) " . + "VALUES ( '" + . sql_escape($_POST["Nick"]) . "', " . "'" + . sql_escape($_POST["Name"]) . "', " . "'" + . sql_escape($_POST["Vorname"]) . "', " . "'" + . sql_escape($_POST["Alter"]) . "', " . "'" + . sql_escape($_POST["Telefon"]) . "', " . "'" + . sql_escape($_POST["DECT"]) . "', " . "'" + . sql_escape($_POST["Handy"]) . "', " . "'" + . sql_escape($_POST["email"]) . "', " . "'" + . sql_escape($_POST["ICQ"]) . "', " . "'" + . sql_escape($_POST["jabber"]) . "', " . "'" + . sql_escape($_POST["Size"]) . 
"', " . "'" + . sql_escape($_POST["Passwort"]) . "', " . "'" + . sql_escape($_POST["Art"]) . "', " . "'" + . sql_escape($_POST["kommentar"]) . "', " . "'" + . sql_escape($_POST["Hometown"]) . "'," + . "NOW(), '" + . sql_escape($_SESSION["Sprache"]) + . "')" + ); + + if ($Erg != 1) { + $html .= Get_Text("makeuser_error_write1") . "<br />\n"; + $error = sql_error(); + } else { + $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n"; + + $Erg3 = mysql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); + + if ($Erg3 != 1) { + $html .= "<h1>" . Get_Text("makeuser_error_write2") . "<br />\n"; + $error = sql_error(); + } else { + $html .= Get_Text("makeuser_writeOK2") . "<br />\n"; + $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n"; + } + + $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n"; + $success = "any"; + + if (isset ($SubscribeMailinglist)) { + if ($_POST["subscribe-mailinglist"] == "") { + $headers = "From: " . $_POST["email"] . "\r\n" . + "X-Mailer: PHP/" . phpversion(); + mail($SubscribeMailinglist, "subject", "message", $headers); + } + } + } + } + + if (isset ($error)) + $html .= error($error); + } else { + // init vars + $_POST["Nick"] = ""; + $_POST["Name"] = ""; + $_POST["Vorname"] = ""; + $_POST["Alter"] = ""; + $_POST["Telefon"] = ""; + $_POST["DECT"] = ""; + $_POST["Handy"] = ""; + $_POST["email"] = ""; + $_POST["subscribe-mailinglist"] = ""; + $_POST["ICQ"] = ""; + $_POST["jabber"] = ""; + $_POST["Size"] = "L"; + $_POST["Art"] = ""; + $_POST["kommentar"] = ""; + $_POST["Hometown"] = ""; + } + + if ($success == "none") { + $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n"; + $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n"; + $html .= "<form action=\"\" method=\"post\">\n"; + $html .= "<table>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . 
"\" /></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n"; + $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n"; + + if (isset ($SubscribeMailinglist)) + $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n"; + + $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n"; + $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . 
" Grösse*</td><td align=\"left\">\n"; + $html .= "<select name=\"Size\">\n"; + $html .= "<option value=\"S\""; + if ($_POST["Size"] == "S") + $html .= " selected"; + $html .= ">S</option>\n"; + $html .= "<option value=\"M\""; + if ($_POST["Size"] == "M") + $html .= " selected"; + $html .= ">M</option>\n"; + $html .= "<option value=\"L\""; + if ($_POST["Size"] == "L") + $html .= " selected"; + $html .= ">L</option>\n"; + $html .= "<option value=\"XL\""; + if ($_POST["Size"] == "XL") + $html .= " selected"; + $html .= ">XL</option>\n"; + $html .= "<option value=\"2XL\""; + if ($_POST["Size"] == "2XL") + $html .= " selected"; + $html .= ">2XL</option>\n"; + $html .= "<option value=\"3XL\""; + if ($_POST["Size"] == "3XL") + $html .= " selected"; + $html .= ">3XL</option>\n"; + $html .= "<option value=\"4XL\""; + if ($_POST["Size"] == "4XL") + $html .= " selected"; + $html .= ">4XL</option>\n"; + $html .= "<option value=\"5XL\""; + if ($_POST["Size"] == "5XL") + $html .= " selected"; + $html .= ">5XL</option>\n"; + $html .= "<option value=\"S-G\""; + if ($_POST["Size"] == "S-G") + $html .= " selected"; + $html .= ">S Girl</option>\n"; + $html .= "<option value=\"M-G\""; + if ($_POST["Size"] == "M-G") + $html .= " selected"; + $html .= ">M Girl</option>\n"; + $html .= "<option value=\"L-G\""; + if ($_POST["Size"] == "L-G") + $html .= " selected"; + $html .= ">L Girl</option>\n"; + $html .= "<option value=\"XL-G\""; + if ($_POST["Size"] == "XL-G") + $html .= " selected"; + $html .= ">XL Girl</option>\n"; + $html .= "</select>\n"; + $html .= "</td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n"; + $html .= "<select name=\"Art\">\n"; + + $engel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `NAME`"); + foreach ($engel_types as $engel_type) { + $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel"); + $html .= "<option value=\"" . $Name . 
"\""; + + if ($_POST["Art"] == $Name) + $html .= " selected"; + + $html .= ">$Name</option>\n"; + } + + $html .= "</select>\n"; + $html .= "</td>\n"; + $html .= "</tr>\n"; + $html .= "<tr>\n"; + $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n"; + $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n"; + $html .= "</tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n"; + $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n"; + $html .= "<tr><td> </td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n"; + $html .= "</table>\n"; + $html .= "</form>\n"; + $html .= Get_Text("makeuser_text3"); + } + return $html; +} + +function guest_logout() { + unset ($_SESSION['uid']); + header("Location: " . page_link_to("start")); +} + +function guest_login() { + global $user; + unset ($_SESSION['uid']); + + $html = ""; + if (isset ($_REQUEST['login_submit'])) { + $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'"); + + if (count($login_user) == 1) { // Check, ob User angemeldet wird... + $login_user = $login_user[0]; + if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok... + $_SESSION['uid'] = $login_user['UID']; + $_SESSION['Sprache'] = $login_user['Sprache']; + header("Location: " . page_link_to("news")); + } else { // Passwort nicht ok... 
+ $ErrorText = "pub_index_pass_no_ok"; + } // Ende Passwort-Check + } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung + if ($user_anz == 0) + $ErrorText = "pub_index_User_unset"; + else + $ErrorText = "pub_index_User_more_as_one"; + } // Ende Check, ob User angemeldet wurde} + } + if (isset ($ErrorText)) + $html .= error(Get_Text($ErrorText)); + $html .= guest_login_form(); + return $html; +} + +function guest_login_form() { + return template_render("../templates/guest_login_form.html", array ( + 'link' => page_link_to("login"), + 'nick' => Get_Text("index_lang_nick"), + 'pass' => Get_Text("index_lang_pass"), + 'send' => Get_Text("index_lang_send") + )); +} +?> diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php new file mode 100644 index 00000000..286511f2 --- /dev/null +++ b/includes/pages/guest_start.php @@ -0,0 +1,13 @@ +<?php +function guest_start() { + require_once ('includes/pages/guest_login.php'); + $html = "<p>" . Get_Text("index_text1") . "</p>\n"; + $html .= "<p>" . Get_Text("index_text2") . "</p>\n"; + $html .= "<p>" . Get_Text("index_text3") . "</p>\n"; + + $html .= guest_login_form(); + + $html .= "<h6>" . Get_Text("index_text4") . "</h6>"; + return $html; +} +?>
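Review bot: In `guest_register()` every submitted field is written back into the form unescaped (`value=\"" . $_POST["Nick"] . "\"`, the `kommentar` textarea, and the nick inside the error text), so a crafted value breaks out of the attribute and injects markup into the page. Each of these echoes should go through the escaper, e.g. `htmlspecialchars($_POST["Nick"], ENT_QUOTES, 'UTF-8')`. The e-mail check joins its three tests with `&&`, so an address is rejected only when it fails all of them; `||` is what the error message implies, and because the same value is placed in the `From:` header passed to `mail()`, it should also be refused when it contains CR or LF. In `guest_login()` nothing visible regenerates the session id before `$_SESSION['uid']` is set (`session_regenerate_id(true);`), and the stored and computed password values are compared with `==` rather than `===`. `$user_anz` is never assigned, so the `pub_index_User_more_as_one` branch cannot be reached.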
\ No newline at end of file
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
new file mode 100644
index 00000000..a13b28f0
--- /dev/null
+++ b/includes/pages/user_messages.php
@@ -0,0 +1,239 @@ +<?php +function user_unread_messages() { + global $user, $privileges; + + if (in_array("user_messages", $privileges)) { + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + + if ($new_messages > 0) + return sprintf( + '<p class="notice"><a href="%s">%s %s %s</a></p><hr />', + page_link_to("user_messages"), + Get_Text("pub_messages_new1"), + $new_messages, + Get_Text("pub_messages_new2") + ); + } + + return ""; +} + +function user_messages() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" + . sql_escape($user['UID']) . " ORDER BY `Nick`"); + + $to_select_data = array ( + "" => "Select receiver..." + ); + + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + + $to_select = html_select_key('to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" + . sql_escape($user['UID']) + . " OR `RUID`=" . sql_escape($user['UID']) + . " ORDER BY `isRead`,`Datum` DESC" + ); + foreach ($messages as $message) { + + $messages_html .= sprintf( + '<tr %s> <td>%s</td> <td>%s</td> <td>%s</td> <td>%s</td>' + .'<td>%s</td>', + ($message['isRead'] == 'N' ? ' class="new_message"' : ''), + ($message['isRead'] == 'N' ? '•' : ''), + date("Y-m-d H:i", $message['Datum']), + UID2Nick($message['SUID']), + UID2Nick($message['RUID']), + str_replace("\n", '<br />', $message['Text']) + ); + + $messages_html .= '<td>'; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; + } else { + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . 
'</a>'; + } + $messages_html .= '</td></tr>'; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" + . Get_Text("pub_messages_text1") . "<br /><br />\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => $user['Nick'], + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . 
page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + header("Location: " . page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error")); + } + break; + } + return ""; + } + + if (!isset ($_GET["action"])) + $_GET["action"] = "start"; + + switch ($_GET["action"]) { + case "start" : + echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n"; + echo Get_Text("pub_messages_text1") . "<br /><br />\n"; + + //show exist Messages + $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; + $erg = mysql_query($SQL, $con); + + echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + echo "<tr>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n"; + echo "<td class=\"contenttopic\"></td>\n"; + echo "</tr>\n"; + + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + echo "<tr class=\"content\">\n"; + echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . 
"</td>\n"; + echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n"; + echo "<td>"; + + if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { + echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>"; + + if (mysql_result($erg, $i, "isRead") == "N") + echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>"; + } else { + if (mysql_result($erg, $i, "isRead") == "N") + echo Get_Text("pub_messages_NotRead"); + } + + echo "</td>\n"; + echo "</tr>\n"; + } + + // send Messeges + echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">"; + echo "<tr class=\"content\">\n"; + echo "<td></td>\n"; + echo "<td></td>\n"; + + // Listet alle Nicks auf + echo "<td><select name=\"RUID\">\n"; + + $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`"; + $uErg = mysql_query($usql, $con); + $urowcount = mysql_num_rows($uErg); + + for ($k = 0; $k < $urowcount; $k++) { + echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n"; + } + + echo "</select></td>\n"; + echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n"; + echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n"; + echo "</tr>\n"; + echo "</form>"; + + echo "</table>\n"; + break; + + case "SendMsg" : + echo Get_Text("pub_messages_Send1") . "...<br />\n"; + + $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . + "'" . gmdate("Y-m-j H:i:s", time()) . "', " . + "'" . $_SESSION["UID"] . "', " . + "'" . $_POST["RUID"] . "', " . + "'" . $_POST["Text"] . "');"; + + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_Send_OK") . "\n"; + else + echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . 
")"; + break; + + case "MarkRead" : + $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . + "LIMIT 1 ;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_MarkRead_OK") . "\n"; + else + echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + case "DelMsg" : + $SQL = "DELETE FROM `Messages` " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . + "LIMIT 1;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_DelMsg_OK") . "\n"; + else + echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + default : + echo Get_Text("pub_messages_NoCommand"); + } +} +?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php new file mode 100644 index 00000000..818c2da2 --- /dev/null +++ b/includes/pages/user_news.php 
@@ -0,0 +1,168 @@ +<?php +function user_meetings() { + global $DISPLAY_NEWS, $privileges, $user; + + $html = ""; + + if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) + $page = $_REQUEST['page']; + else + $page = 0; + + $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS); + foreach ($news as $entry) + $html .= display_news($entry); + + $html .= "<div class=\"pagination\">\n\n"; + $dis_rows = ceil(sql_num_query("SELECT * FROM `News` WHERE `Treffen`=1") / $DISPLAY_NEWS); + + $html .= Get_Text(5); + + for ($i = 0; $i < $dis_rows; $i++) { + if ($i == $_REQUEST['page']) + $html .= ($i +1) . " "; + else + $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a> '; + } + $html .= '</div>'; + return $html; +} + +function display_news($news) { + global $privileges, $p; + + $html .= ""; + $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">'; + $html .= '<details>'; + $html .= date("Y-m-d H:i", $news['Datum']) . ', '; + $html .= UID2Nick($news['UID']); + if ($p != "news_comments") + $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') »</a>'; + $html .= '</details>'; + $html .= '<h3>' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>'; + $html .= '<p>' . ReplaceSmilies(nl2br($news['Text'])) . '</p>'; + if (in_array("admin_news", $privileges)) + $html .= "<details><a href=\"" . page_link_to("admin_news") . "&action=edit&id=" . $news['ID'] . "\">Edit</a></details>\n"; + + $html .= '</article>'; + return $html; +} + +function user_news_comments() { + global $user; + + $html = ""; + if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . 
sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) { + $nid = $_REQUEST["nid"]; + list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1"); + if (isset ($_REQUEST["text"])) { + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); + $html .= success("Eintrag wurde gespeichert"); + } + + $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; + $html .= display_news($news); + + $html .= '<h2>Kommentare</h2>'; + + $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'"); + foreach ($comments as $comment) { + $html .= '<article class="news_comment">'; + $html .= DisplayAvatar($comment['UID']); + $html .= '<details>'; + $html .= $comment['Datum'] . ', '; + $html .= UID2Nick($comment['UID']); + $html .= '</details>'; + $html .= '<p>' . nl2br($comment['Text']) . '</p>'; + $html .= '</article>'; + } + + $html .= "</table>"; + $html .= ' + <br /> + <hr> + <h2>Neuer Kommentar:</h2> + <a name="Neu"> </a> + + <form action="' . page_link_to("news_comments") . '" method="post"> + <input type="hidden" name="nid" value="' . $_REQUEST["nid"] . 
'"> + <table> + <tr> + <td align="right" valign="top">Text:</td> + <td><textarea name="text" cols="50" rows="10"></textarea></td> + </tr> + </table> + <br /> + <input type="submit" value="sichern..."> + </form>'; + } else { + $html .= "Fehlerhafter Aufruf!"; + } + + return $html; +} + +function user_news() { + global $DISPLAY_NEWS, $privileges, $user; + + $html = ""; + + if (isset ($_POST["text"]) && isset ($_POST["betreff"])) { + if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges)) + $_POST["treffen"] = 0; + sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . + "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . + "', '" . sql_escape($_POST["treffen"]) . "');"); + $html .= success(Get_Text(4)); + } + + if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) + $page = $_REQUEST['page']; + else + $page = 0; + + $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS); + foreach ($news as $entry) + $html .= display_news($entry); + + $html .= "<div class=\"pagination\">\n\n"; + $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS); + + $html .= Get_Text(5); + + for ($i = 0; $i < $dis_rows; $i++) { + if ($i == $_REQUEST['page']) + $html .= ($i +1) . " "; + else + $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a> '; + } + $html .= '</div> + <br /><hr /> + <h2>' . Get_Text(6) . '</h2> + <a name="Neu"> </a> + + <form action="" method="post"> + <table> + <tr> + <td align="right">' . Get_Text(7) . '</td> + <td><input type="text" name="betreff" size="60"></td> + </tr> + <tr> + <td align="right">' . Get_Text(8) . '</td> + <td><textarea name="text" cols="50" rows="10"></textarea></td> + </tr>'; + if (in_array('admin_news', $privileges)) { + $html .= ' <tr> + <td align="right">' . Get_Text(9) . 
'</td> + <td><input type="checkbox" name="treffen" size="1" value="1"></td> + </tr>'; + + } + $html .= '</table> + <br /> + <input type="submit" value="' . Get_Text("save") . '"> + </form>'; + return $html; +} +?>
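Review bot: `user_news()` stores `$_POST["betreff"]` and `$_POST["text"]` with only `sql_escape()`, and `display_news()` prints them as `ReplaceSmilies($news['Betreff'])` and `ReplaceSmilies(nl2br($news['Text']))`, so unless `ReplaceSmilies()` (not visible here) escapes its input, markup posted as news is rendered for every reader. Escaping at output closes that: `ReplaceSmilies(nl2br(htmlspecialchars($news['Text'], ENT_QUOTES, 'UTF-8')))`, and the same for `Betreff`. Comment text in `user_news_comments()` is filtered on input but would benefit from the same output escaping. Two smaller defects: `display_news()` opens with `$html .= "";` on an undefined variable where `$html = "";` is meant, and `ORDER BY 'ID'` sorts by a string literal instead of the column, so the comments come back in no defined order and the name needs backticks. The pagination loops in `user_meetings()` and `user_news()` compare `$i` with `$_REQUEST['page']` instead of the validated `$page`.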
\ No newline at end of file
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
new file mode 100644
index 00000000..4e9daa5a
--- /dev/null
+++ b/includes/pages/user_questions.php
@@ -0,0 +1,50 @@ +<?php +function user_questions() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $open_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0 AND `UID`=" . sql_escape($user['UID'])); + foreach ($questions as $question) + $open_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td><td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>'; + + $answered_questions = ""; + $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0 AND `UID`=" . sql_escape($user['UID'])); + foreach ($questions as $question) { + $answered_questions .= '<tr><td>' . str_replace("\n", '<br />', $question['Question']) . '</td>'; + $answered_questions .= '<td>' . UID2Nick($question['AID']) . '</td><td>' . str_replace("\n", '<br />', $question['Answer']) . '</td>'; + $answered_questions .= '<td><a href="' . page_link_to("user_questions") . '&action=delete&id=' . $question['QID'] . '">Delete</a></td><tr>'; + } + + return template_render('../templates/user_questions.html', array ( + 'link' => page_link_to("user_questions"), + 'open_questions' => $open_questions, + 'answered_questions' => $answered_questions + )); + } else { + switch ($_REQUEST['action']) { + case 'ask' : + $question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']))); + if ($question != "") { + sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); + header("Location: " . page_link_to("user_questions")); + } else + return error("Please enter a question!"); + break; + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Question ID."); + + $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . 
" LIMIT 1"); + if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { + sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_questions")); + } else + return error("No question found."); + break; + } + } +} +?>
\ No newline at end of file
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
new file mode 100644
index 00000000..97c8626f
--- /dev/null
+++ b/includes/pages/user_settings.php
@@ -0,0 +1,252 @@ +<?php +function user_settings() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $tshirt_html = template_render('../templates/user_settings_tshirt.html', array ( + 'label_size' => Get_Text("makeuser_T-Shirt"), + 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array ( + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" + ), $user['Size']) : $user['Size'] + )); + + return template_render('../templates/user_settings.html', array ( + 'link' => page_link_to("user_settings"), + 'greeting' => Get_Text("Hallo") . $user['Nick'] . ",<br />" . Get_Text(13), + 'text_user_data' => Get_Text("pub_einstellungen_Text_UserData"), + 'label_nick' => Get_Text("pub_einstellungen_Nick"), + 'label_name' => Get_Text("pub_einstellungen_Name"), + 'label_prename' => Get_Text("pub_einstellungen_Vorname"), + 'label_age' => Get_Text("pub_einstellungen_Alter"), + 'label_tel' => Get_Text("pub_einstellungen_Telefon"), + 'label_mobile' => Get_Text("pub_einstellungen_Handy"), + 'label_dect' => Get_Text("pub_einstellungen_DECT"), + 'label_mail' => Get_Text("pub_einstellungen_Email"), + 'label_hometown' => Get_Text("pub_einstellungen_Hometown"), + 'nick' => $user['Nick'], + 'name' => $user['Name'], + 'prename' => $user['Vorname'], + 'age' => $user['Alter'], + 'tel' => $user['Telefon'], + 'mobile' => $user['Handy'], + 'dect' => $user['DECT'], + 'mail' => $user['email'], + 'icq' => $user['ICQ'], + 'jabber' => $user['jabber'], + 'hometown' => $user['Hometown'], + 'label_save' => Get_Text("save"), + 'tshirts' => $tshirt_html, + 'text_password' => Get_Text(14), + 'current_pw_label' => Get_Text(15), + 'new_pw_label' => Get_Text(16), + 'new_pw2_label' => Get_Text(17), + 'text_theme' => Get_Text(18), + 'theme_label' => Get_Text(19), + 'theme_select' => html_select_key('theme', array ( + "1" => 
"Standard-Style", + "2" => "ot/Gelber Style", + "3" => "Club-Mate Style", + "5" => "Debian Style", + "6" => "c-base Style", + "7" => "Blau/Gelber Style", + "8" => "Pastel Style", + "4" => "Test Style", + "9" => "Test Style 21c3", + "10" => "msquare (cccamp2011)" + ), $user['color']), + 'text_language' => Get_Text(20), + 'language_label' => Get_Text(21), + 'language_select' => html_select_key('language', array ( + 'DE' => "Deutsch", + 'EN' => "English" + ), $user['Sprache']) + )); + } else { + switch ($_REQUEST['action']) { + case 'sprache' : + if (isset ($_REQUEST['language']) && preg_match("/^DE|EN$/", $_REQUEST['language'])) + $language = $_REQUEST['language']; + else + $language = "EN"; + sql_query("UPDATE `User` SET " . "`Sprache`='" . sql_escape($language) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); + $_SESSION['Sprache'] = $language; + header("Location: " . page_link_to("user_settings")); + break; + + case 'colour' : + $theme = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['theme'])); + sql_query("UPDATE `User` SET " . "`color`='" . sql_escape($theme) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); + header("Location: " . page_link_to("user_settings")); + break; + + case 'set' : + $html = ""; + if ($_REQUEST["new_pw"] == $_REQUEST["new_pw2"]) { + if (PassCrypt($_REQUEST["current_pw"]) == $user['Passwort']) { + sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($user['UID']) . " LIMIT 1"); + header("Location: " . 
page_link_to("user_settings")); + } else { + $html .= error(Get_Text(30)); + } + } else { + $html .= error(Get_Text(31)); + } + return $html; + break; + + case "setUserData" : + $nick = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['nick'])); + $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); + $prename = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['prename'])); + $age = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['age'])); + $tel = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['tel'])); + $mobile = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mobile'])); + $dect = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['dect'])); + $mail = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['mail'])); + $icq = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['icq'])); + $jabber = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['jabber'])); + $hometown = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['hometown'])); + $size = ($user['TShirt'] == 0) ? preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['size'])) : $user['Size']; + + sql_query("UPDATE `User` SET " . + "`Nick`='" . sql_escape($nick) . "', " . + "`Name`='" . sql_escape($name) . "', " . + "`Vorname`='" . sql_escape($prename) . "', " . + "`Alter`='" . sql_escape($age) . "', " . + "`Telefon`='" . sql_escape($tel) . "', " . + "`Handy`='" . sql_escape($mobile) . "', " . + "`DECT`='" . sql_escape($dect) . "', " . + "`email`='" . sql_escape($mail) . "', " . + "`ICQ`='" . sql_escape($icq) . "', " . + "`jabber`='" . sql_escape($jabber) . "', " . + "`Hometown`='" . sql_escape($hometown) . "', " . + "`Size`='" . sql_escape($size) . "' " . + "WHERE `UID`=" . sql_escape($user['UID']) . 
" LIMIT 1"); + header("Location: " . page_link_to("user_settings")); + break; + } + } + + // AVATARE + /* + if (get_cfg_var("file_uploads")) { + echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; + echo Get_Text('pub_einstellungen_PictureUpload') . "<br />"; + echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n"; + echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n"; + echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n"; + echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n"; + echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n"; + echo "</form>\n"; + } + + switch (GetPicturShow($_SESSION['UID'])) { + case 'Y' : + echo Get_Text('pub_einstellungen_PictureShow') . "<br />"; + echo displayPictur($_SESSION['UID'], 0); + echo "<form action=\"./einstellungen.php\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n"; + echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n"; + echo "</form>\n"; + break; + case 'N' : + echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />"; + echo displayPictur($_SESSION['UID'], 0); + echo "<form action=\"./einstellungen.php\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n"; + echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n"; + echo "</form>\n"; + echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; + case '' : + echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; + echo Get_Text(22) . "<br />"; + echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n"; + echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n"; + echo "<table>\n"; + echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n"; + echo "<tr>\n"; + echo "<td>\n"; + echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . 
"pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n"; + + for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++) + echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n"; + + echo "</select> \n"; + echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n"; + echo "</td>\n</tr>\n"; + echo "</table>\n"; + echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n"; + echo "</form>\n"; + break; + } //CASE + + } else { + switch ($_POST["action"]) { + + case 'avatar' : + $chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; + $Erg = mysql_query($chsql, $con); + $_SESSION['Avatar'] = $_POST["eAvatar"]; + if ($Erg == 1) + Print_Text(34); + else + Print_Text(29); + break; + + case 'setUserData' : + + break; + + case 'sendPicture' : + if ($_FILES["file"]["size"] > 0) { + if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) { + $data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"]))); + + if (GetPicturShow($_SESSION['UID']) == "") + $SQL = "INSERT INTO `UserPicture` " . + "( `UID`,`Bild`, `ContentType`, `show`) " . + "VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')"; + else + $SQL = "UPDATE `UserPicture` SET " . + "`Bild`='$data', " . + "`ContentType`='" . $_FILES["file"]["type"] . "', " . + "`show`='N' " . + "WHERE `UID`='" . $_SESSION['UID'] . "'"; + + $res = mysql_query($SQL, $con); + if ($res) + Print_Text("pub_einstellungen_send_OK"); + else + Print_Text("pub_einstellungen_send_KO"); + + echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . 
$_FILES["file"]["size"] . " Byte)</h6>"; + } else + Print_Text("pub_einstellungen_send_KO"); + } else + Print_Text("pub_einstellungen_send_KO"); + break; + + case 'delPicture' : + $chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; + $Erg = mysql_query($chsql, $con); + if ($Erg == 1) + Print_Text("pub_einstellungen_del_OK"); + else + Print_Text("pub_einstellungen_del_KO"); + Break; + } + } + */ +} +?> diff --git a/includes/pages/user_wakeup.php b/includes/pages/user_wakeup.php new file mode 100644 index 00000000..2c6940e7 --- /dev/null +++ b/includes/pages/user_wakeup.php 
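Review bot: The language check `preg_match("/^DE|EN$/", …)` in the `sprache` branch is anchored wrongly: alternation binds looser than the anchors, so it accepts any value that starts with `DE` or ends with `EN`. The accepted value is copied into `$_SESSION['Sprache']`, which `Get_Text()` in includes/sys_lang.php concatenates into its query without escaping, so the check has to be exact, e.g. `in_array($_REQUEST['language'], array('DE', 'EN'), true)` or `/^(DE|EN)$/D`. In the `set` branch the stored hash is compared with `==`; two hashes that both look like numeric strings can compare equal under loose comparison, so use `===`. The form tests `$user['Tshirt']` while `setUserData` tests `$user['TShirt']`; one of the two keys is presumably undefined, and an undefined key makes `== 0` true, which defeats the lock on the size field on that path.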
@@ -0,0 +1,86 @@
+<?php
+function user_wakeup() {
+ global $user;
+
+ $html = "";
+
+ if (isset ($_REQUEST['action'])) {
+ switch ($_REQUEST['action']) {
+ case 'create' :
+ $date = DateTime::createFromFormat("Y-m-d H:i", $_REQUEST['Date']);
+ if ($date != null) {
+ $date = $date->getTimestamp();
+ $bemerkung = strip_request_item_nl('Bemerkung');
+ $ort = strip_request_item('Ort');
+ $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) "
+ . "VALUES ('" . sql_escape($user['UID']) . "', '"
+ . sql_escape($date) . "', '" . sql_escape($ort) . "', " . "'"
+ . sql_escape($bemerkung) . "')";
+ sql_query($SQL);
+ $html .= success(Get_Text(4));
+ } else
+ $html .= error("Broken date!");
+ break;
+
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing wake-up ID.");
+
+ $wakeup = sql_select("SELECT * FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($wakeup) > 0 && $wakeup[0]['UID'] == $user['UID']) {
+ sql_query("DELETE FROM `Wecken` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ $html .= success("Wake-up call deleted.");
+ } else
+ return error("No wake-up found.");
+ break;
+ }
+ }
+
+ $html .= "<p>" . Get_Text("Hello") . $user['Nick'] . ",<br />"
+ . Get_Text("pub_wake_beschreibung") . "</p>\n\n";
+ $html .= Get_Text("pub_wake_beschreibung2");
+ $html .= '
+<table border="0" width="100%" class="border" cellpadding="2" cellspacing="1">
+ <tr class="contenttopic">
+ <th>' . Get_Text("pub_wake_Datum") . '</th>
+ <th>' . Get_Text("pub_waeckliste_Nick") . '</th>
+ <th>' . Get_Text("pub_wake_Ort") . '</th>
+ <th>' . Get_Text("pub_wake_Bemerkung") . '</th>
+ <th></th>
+ </tr>
+';
+
+ $sql = "SELECT * FROM `Wecken` ORDER BY `Date` ASC";
+ $Erg = sql_query($sql);
+ $count = mysql_num_rows($Erg);
+
+ for ($i = 0; $i < $count; $i++) {
+ $row = mysql_fetch_row($Erg);
+ $html .= '<tr class="content">';
+ $html .= '<td>' . date("Y-m-d H:i", mysql_result($Erg, $i, "Date")) . ' </td>';
+ $html .= '<td>' . UID2Nick(mysql_result($Erg, $i, "UID")) . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Ort") . ' </td>';
+ $html .= '<td>' . mysql_result($Erg, $i, "Bemerkung") . ' </td>';
+ if (mysql_result($Erg, $i, "UID") == $user['UID'])
+ $html .= '<td><a href="' . page_link_to("user_wakeup") . '&action=delete&id=' . mysql_result($Erg, $i, "ID") . "\">" . Get_Text("pub_wake_del") . '</a></td>';
+ else
+ $html .= '<td></td>';
+ $html .= '</tr>';
+ }
+
+ $html .= '</table><hr />' . Get_Text("pub_wake_Text2");
+
+ $html .= template_render('../templates/user_wakeup.html', array (
+ 'wakeup_link' => page_link_to("user_wakeup"),
+ 'date_text' => Get_Text("pub_wake_Datum"),
+ 'date_value' => date("Y-m-d H:i"),
+ 'place_text' => Get_Text("pub_wake_Ort"),
+ 'comment_text' => Get_Text("pub_wake_Bemerkung"),
+ 'comment_value' => "Knock knock Leo, follow the white rabbit to the blue tent",
+ 'submit_text' => Get_Text("pub_wake_bouton")
+ ));
+ return $html;
+}
+?>
diff --git a/includes/secure.php b/includes/secure.php
deleted file mode 100755
index d6b5c512..00000000
--- a/includes/secure.php
+++ /dev/null
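Review bot: The table loop in `user_wakeup()` prints `Ort` and `Bemerkung` from `Wecken` into a page that lists every user's entries, with no output encoding; wrap them as `htmlspecialchars(mysql_result($Erg, $i, "Ort"), ENT_QUOTES, 'UTF-8')` and do the same for `Bemerkung`. The only protection is the write-time `strip_tags`/character-class filter in `strip_request_item()`, and this commit also deletes includes/secure.php, which ran `htmlentities()` over every `$_GET`/`$_POST` value, so rows written by any other path would be rendered as markup. As in `user_questions()`, `action=delete` is honoured from a GET link without a request token. `$_REQUEST['Date']` is read without `isset()`, and `$row = mysql_fetch_row($Erg)` inside the loop is never used.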
@@ -1,41 +0,0 @@
-<?php
-//soll dein funktion entahlten die alle übergebenen parameter überprüft
-//'`'"
-
-if( $DEBUG)
- echo "secure.php START<br>\n";
-
-foreach ($_GET as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match))
- {
- print "sorry get has illegal char '$match[1]'";
- exit;
- }
- $_GET[$k] = $v;
-
- if( $DEBUG)
- echo "GET $k=\"$v\"<br>";
-}
-
-foreach ($_POST as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match)) {
- print "sorry post has illegal char '$match[1]'";
- exit;
- }
- $_POST[$k] = $v;
-
- if( $DEBUG)
- echo "POST $k=\"$v\"<br>";
-}
-if( $DEBUG)
- echo "secure.php END<br>\n";
-
-?>
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
new file mode 100644
index 00000000..15c5591a
--- /dev/null
+++ b/includes/sys_auth.php
@@ -0,0 +1,95 @@
+<?php
+
+
+// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
+function load_auth() {
+ global $user, $privileges;
+
+ if (!isset ($_SESSION['IP']))
+ $_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
+
+ if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) {
+ session_destroy();
+ header("Location: " . link_to_page($start));
+ }
+
+ $user = null;
+ if (isset ($_SESSION['uid'])) {
+ $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
+ if (count($user) > 0) {
+ // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
+ list ($user) = $user;
+ sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
+ } else
+ unset ($_SESSION['uid']);
+ }
+
+ $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
+}
+
+function PassCrypt($passwort) {
+ global $crypt_system;
+
+ switch ($crypt_system) {
+ case "crypt" :
+ return "{crypt}" . crypt($passwort, "77");
+ case "md5" :
+ return md5($passwort);
+ }
+}
+
+// JSON Authorisierungs-Schnittstelle
+function json_auth_service() {
+ global $CurrentExternAuthPass;
+
+ header("Content-Type: application/json");
+
+ $User = $_REQUEST['user'];
+ $Pass = $_REQUEST['pw'];
+ $SourceOuth = $_REQUEST['so'];
+
+ if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+ $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+ $Erg = sql_query($sql);
+
+ if (mysql_num_rows($Erg) == 1) {
+ if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
+ $UID = mysql_result($Erg, 0, "UID");
+
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+
+ $msg = array (
+ 'status' => 'success',
+ 'rights' => $privileges
+ );
+ echo json_encode($msg);
+ die();
+ }
+ }
+ }
+
+ echo json_encode(array (
+ 'status' => 'failed',
+ 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+ ));
+ die();
+}
+
+function privileges_for_user($user_id) {
+ $privileges = array ();
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+ return $privileges;
+}
+
+function privileges_for_group($group_id) {
+ $privileges = array ();
+ $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+ foreach ($groups_privs as $guest_priv)
+ $privileges[] = $guest_priv['name'];
+ return $privileges;
+}
+?>
diff --git a/includes/sys_counter.php b/includes/sys_counter.php
new file mode 100644
index 00000000..abcb652b
--- /dev/null
+++ b/includes/sys_counter.php
@@ -0,0 +1,10 @@
+<?php
+function counter() {
+ global $p;
+
+ if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
+ sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
+ else
+ sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
+}
+?>
diff --git a/includes/sys_lang.php b/includes/sys_lang.php
new file mode 100644
index 00000000..833d00b8
--- /dev/null
+++ b/includes/sys_lang.php
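Review bot: In `load_auth()` the IP-mismatch branch calls `session_destroy()` and sends a `Location` header but does not stop, and `session_destroy()` leaves the `$_SESSION` array of the running request intact, so the code below still loads the user from `$_SESSION['uid']` and the request is served with that user's privileges. Add `$_SESSION = array();` before the redirect and `exit;` after it; `link_to_page($start)` also looks wrong, since `$start` is not defined in the function and the helper this commit adds in sys_menu.php is `page_link_to()`. `PassCrypt()` stores either unsalted `md5()` or `crypt()` with the constant two-character salt `"77"`, so every account shares one salt and the hash is fast to compute; a per-user random salt with a slow scheme is needed, with a rehash on next login. `json_auth_service()` reads the password and the shared key from `$_REQUEST` and its error text advertises the GET form, which puts credentials into URLs and access logs, and it compares both with `==` rather than `===`.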
@@ -0,0 +1,26 @@
+<?php
+function Get_Text($TextID, $NoError = false) {
+ global $con, $error_messages, $debug;
+
+ if (!isset ($_SESSION['Sprache']))
+ $_SESSION['Sprache'] = "EN";
+ if ($_SESSION['Sprache'] == "")
+ $_SESSION['Sprache'] = "EN";
+ if (isset ($_GET["SetLanguage"]))
+ $_SESSION['Sprache'] = $_GET["SetLanguage"];
+
+ $SQL = "SELECT * FROM `Sprache` WHERE TextID=\"$TextID\" AND Sprache ='" . $_SESSION['Sprache'] . "'";
+ @ $Erg = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($Erg) == 1)
+ return (@ mysql_result($Erg, 0, "Text"));
+ elseif ($NoError && !$debug) return "";
+ else {
+ return "Error Data, '$TextID' found " . mysql_num_rows($Erg) . "x";
+ }
+}
+
+function Print_Text($TextID, $NoError = false) {
+ echo Get_Text($TextID, $NoError);
+}
+?>
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
new file mode 100644
index 00000000..dfe33216
--- /dev/null
+++ b/includes/sys_menu.php
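Review bot: `Get_Text()` builds its query from two unescaped values: `$_GET["SetLanguage"]` is stored in the session as-is and then concatenated into the `Sprache ='…'` literal, and `$TextID` is interpolated between double quotes. The first is request-controlled on every page that renders a text, so this is an SQL injection that, as far as this page shows, does not depend on being logged in. Accept only known codes, `if (isset($_GET["SetLanguage"]) && in_array($_GET["SetLanguage"], array("DE", "EN"), true))`, and pass both values through `sql_escape()` inside single quotes. The `@` on `mysql_query()` hides a failed query, after which `mysql_num_rows($Erg)` runs on `false`; test the result instead of suppressing the warning.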
@@ -0,0 +1,121 @@
+<?php
+function page_link_to($page) {
+ return '?p=' . $page;
+}
+
+function make_navigation() {
+ global $p;
+ global $privileges;
+ $menu_items = $privileges;
+ $menu_items[] = "faq";
+ $menu = "";
+
+ // Standard Navigation
+ $menu .= make_navigation_for(Get_Text('/'), array (
+ "start",
+ "login",
+ "logout",
+ "register",
+ "faq"
+ ));
+
+ // Engel Navigation
+ $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
+ "news",
+ "user_meetings",
+ "user_myshifts",
+ "user_shifts",
+ "user_messages",
+ "user_questions",
+ "user_wakeup",
+ "user_settings"
+ ));
+
+ // Admin Navigation
+ $menu .= make_navigation_for(Get_Text('admin/'), array (
+ "admin_user",
+ "admin_usershifts",
+ "admin_questions",
+ "admin_angel_types",
+ "admin_shifts",
+ "admin_rooms",
+ "admin_groups",
+ "admin_faq",
+ "admin_language",
+ "admin_import",
+ "admin_log"
+ ));
+ return $menu;
+}
+
+function make_navigation_for($name, $pages) {
+ global $privileges, $p;
+
+ $specials = array (
+ "faq"
+ );
+
+ $menu = "";
+ foreach ($pages as $page)
+ if (in_array($page, $privileges) || in_array($page, $specials))
+ $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
+
+ if ($menu != "")
+ $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
+ return $menu;
+}
+
+function make_menu() {
+ return make_navigation() . make_onlineusers() . make_langselect();
+}
+
+function make_onlineusers() {
+ global $privileges, $user;
+ $html = '<nav class="container"><h4>Engel online</h4>';
+
+ $query = "SELECT UID, Nick, lastLogIn " . "FROM User " . "WHERE (`lastLogIn` > '" . (time() - 60 * 60) . "') " . "ORDER BY lastLogIn DESC";
+ $users = sql_select($query);
+
+ if (count($users) > 0) {
+ $html .= "<ul class=\"content\">";
+
+ foreach ($users as $online_user) {
+ if (isset ($user) && $online_user['UID'] == $user['UID'])
+ continue;
+
+ $html .= "<li>";
+
+ //if (isset ($user))
+ //$html .= DisplayAvatar($online_user['UID']);
+
+ // Show Admin Page
+ if (in_array("admin_user_edit", $privileges)) {
+ $html .= '<a href="admin/userChangeNormal.php?enterUID=' . $online_user['UID'] . '&Type=Normal">' . $online_user['Nick'] . '</a>';
+ } else {
+ $html .= $online_user['Nick'];
+ }
+ $last_action = time() - $online_user['lastLogIn'];
+
+ $html .= " " . date("i:s", $last_action);
+ $html .= "</li>\n";
+ }
+
+ $html .= "</ul>";
+ } else {
+ $html .= '<p class="content">Nobody...</p>';
+ }
+ $html .= '</nav>';
+ return $html;
+}
+
+function make_langselect() {
+ if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
+ $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
+ else
+ $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
+
+ $html = '<p class="content"><a class="sprache" href="' . $URL . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
+ $html .= '<a class="sprache" href="' . $URL . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
+ return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
+}
+?>
\ No newline at end of file
diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php
new file mode 100644
index 00000000..c076be7c
--- /dev/null
+++ b/includes/sys_mysql.php
@@ -0,0 +1,61 @@
+<?php
+function sql_connect($host, $user, $pw, $db) {
+ global $con;
+ global $host;
+
+ @ $con = mysql_connect($host, $user, $pw);
+
+ if ($con == null)
+ die("no mysql-connection");
+
+ if (!mysql_select_db($db, $con))
+ die("mysql db-selection failed");
+
+ mysql_query("SET CHARACTER SET utf8;", $con);
+ mysql_query("SET NAMES 'utf8'", $con);
+}
+
+// Do select query
+function sql_select($query) {
+ global $con;
+ $start = microtime(true);
+ if ($result = mysql_query($query, $con)) {
+ $data = array ();
+ while ($line = mysql_fetch_assoc($result)) {
+ array_push($data, $line);
+ }
+ return $data;
+ } else {
+ die('MySQL-query error: ' . $query . ", " . mysql_error($con));
+ }
+}
+
+// Execute a query
+function sql_query($query) {
+ global $con;
+ $start = microtime(true);
+ if ($result = mysql_query($query, $con)) {
+ return $result;
+ } else {
+ die('MySQL-query error: ' . $query . ", " . mysql_error($con));
+ }
+}
+
+function sql_id() {
+ global $con;
+ return mysql_insert_id($con);
+}
+
+function sql_escape($query) {
+ return mysql_real_escape_string($query);
+}
+
+function sql_num_query($query) {
+ return mysql_num_rows(sql_query($query));
+}
+
+function sql_error() {
+ global $con;
+ return mysql_error($con);
+}
+?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
new file mode 100644
index 00000000..e499cd57
--- /dev/null
+++ b/includes/sys_page.php
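Review bot: `make_langselect()` copies `$_SERVER["REQUEST_URI"]` into two `href` attributes without encoding, so a request-controlled value can close the attribute and add markup to the page; emit it as `htmlspecialchars($URL, ENT_QUOTES, 'UTF-8')`. `make_onlineusers()` has the same gap with `$online_user['Nick']`, which is user-chosen and shown to everyone, and `make_navigation_for()` prints `$name` and `Get_Text($page)` unencoded as well. `strpos(…) > 0` works only because a request URI begins with `/`; `!== false` states the intent. `$menu_items` in `make_navigation()` is assigned and never read.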
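Review bot: `sql_select()` and `sql_query()` end the request with `die('MySQL-query error: ' . $query . ", " . mysql_error($con))`, which sends the full statement and the server's error text to the browser; log that detail server-side and show a generic message. `sql_escape()` is `mysql_real_escape_string()`, which only protects a value that sits inside quotes, yet callers in this commit place its result in unquoted numeric positions (the `UID=` and `QID=` comparisons in `user_questions()`, `group_id=` in `privileges_for_group()`); those need an integer cast or quoting. It is also called without `$con`, so the charset it escapes for depends on the last link opened. In `sql_connect()` the line `global $host;` rebinds the `$host` parameter to the global variable, so the argument passed by the caller is ignored.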
@@ -0,0 +1,26 @@
+<?php
+
+function strip_request_item($name) {
+ return preg_replace(
+ "/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui",
+ '',
+ strip_tags($_REQUEST[$name])
+ );
+}
+
+function strip_request_item_nl($name) {
+ return preg_replace(
+ "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
+ '',
+ strip_tags($_REQUEST[$name])
+ );
+}
+
+function error($msg) {
+ return '<p class="error">' . $msg . '</p>';
+}
+
+function success($msg) {
+ return '<p class="success">' . $msg . '</p>';
+}
+?>
diff --git a/includes/sys_shift.php b/includes/sys_shift.php
new file mode 100644
index 00000000..7baeb8a4
--- /dev/null
+++ b/includes/sys_shift.php
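Review bot: `strip_request_item()` and `strip_request_item_nl()` are input filters, not output encoders: `\p{P}` keeps `"`, `'` and `&`, so the result is not safe inside an HTML attribute, and the callers in this commit print it later without `htmlspecialchars()`. With the `u` modifier `preg_replace()` returns `null` for input that is not valid UTF-8, and `$_REQUEST[$name]` is read without `isset()` and may be an array; guard both helpers with `if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) return '';` and map a `null` result to `''`. `error()` and `success()` insert `$msg` into markup unescaped; either encode inside the helper or add a comment stating that callers must pass trusted, already-encoded text.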
@@ -0,0 +1,443 @@ +<?php +function load_shift_basics() { + global $VeranstaltungsTageMax, $Room, $RoomID, $EngelType, $EngelTypeID, $TID2Name, $Veranstaltungstage; + + // erstellt ein Array der Räume + $rooms = sql_select("SELECT `RID`, `Name` FROM `Room` WHERE `Show`='Y' ORDER BY `Number`, `Name`"); + foreach ($rooms as $i => $r) { + $Room[$i] = array ( + 'RID' => $r['RID'], + 'Name' => $r['Name'] + ); + $RoomID[$r['RID']] = $r['Name']; + } + + // erstellt ein Array der Engeltypen + $engel_types = sql_select("SELECT `TID`, `Name` FROM `EngelType` ORDER BY `Name`"); + foreach ($engel_types as $engel_type) { + $EngelType[$i] = array ( + 'TID' => $engel_type['TID'], + 'Name' => $engel_type['Name'] . Get_Text("inc_schicht_engel") + ); + $EngelTypeID[$engel_type['TID']] = $engel_type['Name'] . Get_Text("inc_schicht_engel"); + $TID2Name[$engel_type['TID']] = $engel_type['Name']; + } + + // Erste Schicht suchen + $Pos = 0; + $first_shift = sql_select("SELECT `DateS` FROM `Shifts` ORDER BY `DateS` LIMIT 1"); + if (count($first_shift) > 0) { + do { + // Startdatum einlesen und link ausgeben + $DateS = substr($first_shift[0]['DateS'], 0, 10); + $VeranstaltungsTage[$Pos++] = $DateS; + + // auslesen den endes und eventuelle weitere tage ausgeben + $last_shift = sql_select("SELECT MAX(`DateE`) FROM `Shifts` WHERE ( (`DateS` like '" . sql_escape($DateS) . "%') AND NOT (`DateE` like '%00:00:00'))"); + $DateE = substr($last_shift[0]['DateE'], 0, 10); + + if (strlen($DateE) == 0) + $DateE = $DateS; + else + while ($DateS != $DateE) { + $DateS = DatumUm1TagErhoehen($DateS); + $VeranstaltungsTage[$Pos++] = $DateS; + } + + // suchen den nächsten eintrag + $first_shift = sql_select("SELECT `DateS` FROM `Shifts` " . "WHERE (`DateS` > '" . sql_escape($DateE) . " 23:59:59' ) " . "ORDER BY `DateS` " . 
"LIMIT 1"); + } while (count($first_shift) > 0); + } + + $VeranstaltungsTageMax = $Pos -1; +} + +/*####################################################### +# gibt die engelschischten aus # +#######################################################*/ +function ausgabe_Feld_Inhalt($SID, $Man) { + // gibt, nach �bergabe der der SchichtID (SID) und der RaumBeschreibung, + // die eingetragenden und und offenden Schichteint�ge zur�ck + global $EngelType, $EngelTypeID, $TID2Name, $con, $debug, $gmdateOffset; + + $Spalten = ""; + + if (!isset ($_GET["Icon"])) + $_GET["Icon"] = 1; + + /////////////////////////////////////////////////////////////////// + // Schow Admin Page + /////////////////////////////////////////////////////////////////// + $Spalten .= funktion_isLinkAllowed_addLink_OrEmpty("admin/schichtplan.php?action=change&SID=$SID", "edit<br />\n"); + + /////////////////////////////////////////////////////////////////// + // Ausgabe des Schichtnamens + /////////////////////////////////////////////////////////////////// + $SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');"; + $Erg = mysql_query($SQL, $con); + if (mysql_result($Erg, 0, 0) != "") + $Spalten .= "<a href=\"" . mysql_result($Erg, 0, 0) . "\" target=\"_black\"><u>$Man:</u></a><br />"; + else + $Spalten .= "<u>" . + $Man . ":</u><br />"; + + /////////////////////////////////////////////////////////////////// + // SQL abfrage f�r die ben�tigten schichten + /////////////////////////////////////////////////////////////////// + $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '" . sql_escape($SID) . 
"') ORDER BY `TID`, `UID` DESC ;"; + $Erg = mysql_query($SQL, $con); + + $Anzahl = mysql_num_rows($Erg); + $Feld = 0; + $Temp_TID_old = -1; + for ($i = 0; $i < $Anzahl; $i++) { + if (isset ($Temp[$Feld]["TID"])) + $Temp_TID_old = $Temp[$Feld]["TID"]; + if (isset ($Temp[$Feld]["UID"])) + $Temp_UID_old = $Temp[$Feld]["UID"]; + + $Temp_TID = mysql_result($Erg, $i, "TID"); + + // wenn sich der Type �ndert wird zumn�sten feld geweckselt + if ($Temp_TID_old != $Temp_TID) + $Feld++; + + $Temp[$Feld]["TID"] = $Temp_TID; + $Temp[$Feld]["UID"] = mysql_result($Erg, $i, "UID"); + + // sonderfall ersten durchlauf + if ($i == 0) { + $Temp_TID_old = $Temp[$Feld]["TID"]; + $Temp_UID_old = $Temp[$Feld]["UID"]; + } + + // ist es eine zu vergeben schicht? + if ($Temp[$Feld]["UID"] == 0) { + if (isset ($Temp[$Feld]["free"])) + $Temp[$Feld]["free"]++; + else + $Temp[$Feld]["free"] = 1; + } else + $Temp[$Feld]["Engel"][] = $Temp[$Feld]["UID"]; + } // FOR + + /////////////////////////////////////////////////////////////////// + // Aus gabe der Schicht + /////////////////////////////////////////////////////////////////// + if (isset ($Temp)) + if (count($Temp)) + foreach ($Temp as $TempEntry => $TempValue) { + if (!isset ($TempValue["free"])) + $TempValue["free"] = 0; + + // ausgabe EngelType + $Spalten .= $EngelTypeID[$TempValue["TID"]] . " "; + + // ausgabe Eingetragener Engel + if (isset ($TempValue["Engel"])) + if (count($TempValue["Engel"]) > 0) { + if (count($TempValue["Engel"]) == 1) + $Spalten .= Get_Text("inc_schicht_ist") . ":<br />\n"; + else + $Spalten .= Get_Text("inc_schicht_sind") . ":<br />\n"; + + foreach ($TempValue["Engel"] as $TempEngelEntry => $TempEngelID) { + if (funktion_isLinkAllowed("admin/user.php") === TRUE) { + // add color, wenn Engel "Gekommen" + $TempText = ((UIDgekommen($TempEngelID) == "1") ? "<span style=\"color: blue;\">" : "<span style=\"color: red;\">") . + UID2Nick($TempEngelID) . 
"</span>"; + } else { + $TempText = UID2Nick($TempEngelID); + } + + // add link to user + $TempText = funktion_isLinkAllowed_addLink_OrLinkText("admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal", $TempText); + + $Spalten .= " " . $TempText . + (($_GET["Icon"] == 1) ? DisplayAvatar($TempEngelID) : "") . + "<br />\n"; + + } + $Spalten = substr($Spalten, 0, strlen($Spalten) - 7); + } + + // ausgabe ben�tigter Engel + //////////////////////////// + //in vergangenheit + $SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='" . sql_escape($SID) . "' AND `DateE` >= '" . + gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "')"; + $Ergtime = mysql_query($SQLtime, $con); + if (mysql_num_rows($Ergtime) > 0) { + //wenn keien rechte definiert sind + if (!isset ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]])) + $_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] = "Y"; + + if ($_SESSION['CVS'][$TID2Name[$TempValue["TID"]]] == "Y") + if ($TempValue["free"] > 0) { + $Spalten .= "<br />\n <a href=\"./schichtplan_add.php?SID=$SID&TID=" . + $TempValue["TID"] . "\">"; + $Spalten .= $TempValue["free"]; + if ($TempValue["free"] != 1) + $Spalten .= Get_Text("inc_schicht_weitere") . + " " . Get_Text("inc_schicht_Engel") . + Get_Text("inc_schicht_wird"); + else + $Spalten .= Get_Text("inc_schicht_weiterer") . + " " . Get_Text("inc_schicht_Engel") . + Get_Text("inc_schicht_werden"); + $Spalten .= Get_Text("inc_schicht_noch_gesucht"); + $Spalten .= "</a>"; + } + } else { + if (isset ($TempValue["free"])) + if ($TempValue["free"] > 0) + $Spalten .= "<br />\n <h3><a>Fehlen noch: " . + $TempValue["free"] . 
"</a></h3>"; + } + $Spalten .= "<br />\n"; + + } // FOREACH + return $Spalten; +} // function Ausgabe_Feld_Inhalt + +/*####################################################### +# gibt die engelschischten Druckergerecht aus # +#######################################################*/ +function Ausgabe_Feld_Inhalt_Druck($RID, $Man) { + // gibt, nach �bergabe der der SchichtID (SID) und der RaumBeschreibung, + // die eingetragenden und und offenden Schichteint�ge zur�ck + +} // function Ausgabe_Feld_Inhalt + +/*####################################################### +# Ausgabe der Raum Spalten # +#######################################################*/ +function CreateRoomShifts($raum) { + global $Spalten, $ausdatum, $con, $debug, $GlobalZeileProStunde, $error_messages; + + ///////////////////////////////////////////////////////////// + // beginnt die erste schicht vor dem heutigen tag und geht dar�ber hinaus + ///////////////////////////////////////////////////////////// + $SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " . + "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '$ausdatum 23:59:59') AND " . + "(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;"; + $ErgSonder = mysql_query($SQLSonder, $con); + if ((mysql_num_rows($ErgSonder) > 1)) { + if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) { + echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> "; + for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) { + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" . + mysql_result($ErgSonder, $i, "SID") . "\">" . + mysql_result($ErgSonder, $i, "DateS") . + " '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-24)" . + "</a><br />\n"; + } + } + } + elseif ((mysql_num_rows($ErgSonder) == 1)) { + $Spalten[0] .= "<td valign=\"top\" rowspan=\"" . (24 * $GlobalZeileProStunde) . "\">\n" . + "<h3>↑↑↑</h3>" . 
+ Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) . + "<h3>↓↓↓</h3>" . + "\n</td>\n"; + return; + } + + $ZeitZeiger = 0; + + ///////////////////////////////////////////////////////////// + // beginnt die erste schicht vor dem heutigen tag? + ///////////////////////////////////////////////////////////// + $SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " . + "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 00:00:00') AND " . + "(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;"; + + $ErgSonder = mysql_query($SQLSonder, $con); + if ((mysql_num_rows($ErgSonder) > 1)) { + if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) { + echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> "; + for ($i = 0; $i < mysql_num_rows($ErgSonder); $i++) { + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" . + mysql_result($ErgSonder, $i, "SID") . "\">" . + mysql_result($ErgSonder, $i, "DateS") . + " '" . mysql_result($ErgSonder, $i, "Man") . "' (RID $raum) (00-xx)" . + "</a><br />\n"; + } + } + } + elseif ((mysql_num_rows($ErgSonder) == 1)) { + $ZeitZeiger = substr(mysql_result($ErgSonder, 0, "DateE"), 11, 2) + (substr(mysql_result($ErgSonder, 0, "DateE"), 14, 2) / 60); + $Spalten[0] .= "<td valign=\"top\" rowspan=\"" . ($ZeitZeiger * $GlobalZeileProStunde) . "\">\n" . + "<h3>↑↑↑</h3>" . + Ausgabe_Feld_Inhalt(mysql_result($ErgSonder, 0, "SID"), mysql_result($ErgSonder, 0, "Man")) . + "\n</td>\n"; + } + + ///////////////////////////////////////////////////////////// + // gibt die schichten f�r den tag aus + ///////////////////////////////////////////////////////////// + $SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " . + "WHERE ((`RID` = '" . sql_escape($raum) . "') and " . + "(`DateS` >= '" . sql_escape($ausdatum) . ' ' . sql_escape($ZeitZeiger) . ":00:00') and " . + "(`DateS` like '" . sql_escape($ausdatum) . 
"%')) ORDER BY `DateS`;"; + $Erg = mysql_query($SQL, $con); + for ($i = 0; $i < mysql_num_rows($Erg); ++ $i) { + $ZeitPos = substr(mysql_result($Erg, $i, "DateS"), 11, 2) + (substr(mysql_result($Erg, $i, "DateS"), 14, 2) / 60); + $len = mysql_result($Erg, $i, "Len"); + + if ($len <= 0) + array_push($error_messages, "Error in shift denition SID=" . mysql_result($Erg, $i, "SID") . " Len=$len"); + + if ($ZeitZeiger < $ZeitPos) { + $Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" . (($ZeitPos - $ZeitZeiger) * $GlobalZeileProStunde) . "\"> </td>\n"; + + $ZeitZeiger += $ZeitPos - $ZeitZeiger; + } + if ($ZeitZeiger == $ZeitPos) { + //sonderfall wenn die schicht �ber dei 24 stunden hinaus geht + // (eintrag abk�rzen, pfeiel ausgeben) + $Spalten[$ZeitZeiger * $GlobalZeileProStunde] .= "<td valign=\"top\" rowspan=\"" . + ((($len + $ZeitZeiger) ? $len : 24 - $len + $ZeitZeiger) * $GlobalZeileProStunde) . + "\">\n" . + "" . + Ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) . + ((($ZeitZeiger + $len) > 24) ? "<h3>↓↓↓</h3>" : "") . + "\n</td>\n"; + $ZeitZeiger += $len; + } else { + echo "<h1>" . Get_Text("pub_schichtplan_colision") . "</h1> "; + echo "<a href=\"./../admin/schichtplan.php?action=change&SID=" . + mysql_result($Erg, $i, "SID") . "\">" . + mysql_result($Erg, $i, "DateS") . + " '" . mysql_result($Erg, $i, "Man") . "' " . + " (" . mysql_result($Erg, $i, "SID") . " R$raum) (xx-xx)</a><br /><br />"; + } + } + if ($ZeitZeiger < 24) + $Spalten[($ZeitZeiger * $GlobalZeileProStunde)] .= "<td valign=\"top\" rowspan=\"" . + ((24 - $ZeitZeiger) * $GlobalZeileProStunde) . + "\"> </td>\n"; +} // function CreateRoomShifts + +/*####################################################### +# Ausgabe der freien schichten # +#######################################################*/ +function showEmptyShifts() { + global $con, $debug, $RoomID, $gmdateOffset; + + echo "<table border=\"1\">\n"; + echo "<tr>\n"; + echo "<th>" . 
Get_Text("inc_schicht_date") . "</th>\n"; + echo "<th>" . Get_Text("inc_schicht_time") . "</th>\n"; + echo "<th>" . Get_Text("inc_schicht_room") . "</th>\n"; + echo "<th>" . Get_Text("inc_schicht_commend") . "</th>\n"; + echo "</tr>\n"; + + $sql = "SELECT `SID`, `DateS`, `Man`, `RID` FROM `Shifts` " . + "WHERE (`Shifts`.`DateS`>='" . gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "') " . + "ORDER BY `DateS`, `RID`;"; + $Erg = mysql_query($sql, $con); + + $angezeigt = 0; + for ($i = 0;($i < mysql_num_rows($Erg)) && ($angezeigt < 15); $i++) + if (isset ($RoomID[mysql_result($Erg, $i, "RID")])) + if ($RoomID[mysql_result($Erg, $i, "RID")] != "") { + $Sql2 = "SELECT `UID` FROM `ShiftEntry` " . + "WHERE `SID`=" . mysql_result($Erg, $i, "SID") . " AND " . + "`UID`='0';"; + $Erg2 = mysql_query($Sql2, $con); + + if (mysql_num_rows($Erg2) > 0) { + $angezeigt++; + echo "<tr>\n"; + echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 0, 10) . "</td>\n"; + echo "<td>" . substr(mysql_result($Erg, $i, "DateS"), 11) . "</td>\n"; + echo "<td>" . $RoomID[mysql_result($Erg, $i, "RID")] . "</td>\n"; + echo "<td>" . + ausgabe_Feld_Inhalt(mysql_result($Erg, $i, "SID"), mysql_result($Erg, $i, "Man")) . + "</td>\n"; + echo "</tr>\n"; + } + } + + echo "</table>\n"; + +} //function showEmptyShifts + +/*####################################################### +# Gibt die anzahl der Schichten im Raum zur�ck # +#######################################################*/ +function SummRoomShifts($raum) { + global $ausdatum, $con, $debug, $GlobalZeileProStunde; + + $SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " . + "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` >= '$ausdatum 00:00:00') AND " . 
+ "(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
+
+ $ErgSonder = mysql_query($SQLSonder, $con);
+
+ return mysql_num_rows($ErgSonder);
+}
+
+function DatumUm1TagErhoehen($Datum) {
+ $Jahr = substr($Datum, 0, 4);
+ $Monat = substr($Datum, 5, 2);
+ $Tag = substr($Datum, 8, 2);
+
+ $Tag++;
+
+ switch ($Monat) {
+ case 1 :
+ $Mmax = 31;
+ break;
+ case 2 :
+ $Mmax = 28;
+ break;
+ case 3 :
+ $Mmax = 31;
+ break;
+ case 4 :
+ $Mmax = 30;
+ break;
+ case 5 :
+ $Mmax = 31;
+ break;
+ case 6 :
+ $Mmax = 30;
+ break;
+ case 7 :
+ $Mmax = 31;
+ break;
+ case 8 :
+ $Mmax = 31;
+ break;
+ case 9 :
+ $Mmax = 30;
+ break;
+ case 10 :
+ $Mmax = 31;
+ break;
+ case 11 :
+ $Mmax = 30;
+ break;
+ case 12 :
+ $Mmax = 31;
+ break;
+ }
+
+ if ($Tag > $Mmax) {
+ $Tag = 1;
+ $Monat++;
+ }
+
+ if ($Monat > 12) {
+ $Monat = 1;
+ $Jahr++;
+ }
+
+ $Tag = strlen($Tag) == 1 ? "0" . $Tag : $Tag;
+ $Monat = strlen($Monat) == 1 ? "0" . $Monat : $Monat;
+
+ return ("$Jahr-$Monat-$Tag");
+}
+?>
diff --git a/includes/sys_template.php b/includes/sys_template.php
new file mode 100644
index 00000000..7524b0cb
--- /dev/null
+++ b/includes/sys_template.php
@@ -0,0 +1,36 @@
+<?php
+
+
+// Load and render template
+function template_render($file, $data) {
+ if (file_exists($file)) {
+ $template = file_get_contents($file);
+ if (is_array($data))
+ foreach ($data as $name => $content) {
+ $template = str_replace("%" . $name . "%", $content, $template);
+ }
+ return $template;
+ } else {
+ die('Cannot find template file «' . $file . '».');
+ }
+}
+
+function html_options($name, $options, $selected = "") {
+ $html = "";
+ foreach ($options as $value => $label)
+ $html .= '<input type="radio"' . ($value == $selected ? ' checked="checked"' : '') . ' name="' . $name . '" value="' . $value . '"> ' . $label;
+
+ return $html;
+}
+
+function html_select_key($name, $rows, $selected) {
+ $html = '<select name="' . $name . '">';
+ foreach ($rows as $key => $row)
+ if (($key == $selected) || ($row == $selected))
+ $html .= '<option value="' . $key . '" selected="selected">' . $row . '</option>';
+ else
+ $html .= '<option value="' . $key . '">' . $row . '</option>';
+ $html .= '</select>';
+ return $html;
+}
+?>
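Review bot: `html_options` and `html_select_key` concatenate `$name`, the option key and the label straight into attribute values and element content, so a value containing `"` or `<` breaks out of the markup and becomes a cross-site scripting hole as soon as any of them carries database or request data. The callers are outside this hunk, so whether values arrive pre-escaped cannot be confirmed, but escaping at the point of output is the safer contract, e.g. `$html .= '<option value="' . htmlspecialchars($key, ENT_QUOTES) . '">' . htmlspecialchars($row, ENT_QUOTES) . '</option>';`, with the same treatment for `$name` and the radio inputs. If labels are meant to carry markup, that should be stated in a comment above each function instead. `template_render` substitutes `$content` the same way and echoes `$file` in its `die()` message, so it deserves a header comment saying that callers must pass a trusted path and already-escaped values.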
\ No newline at end of file
diff --git a/includes/sys_user.php b/includes/sys_user.php
new file mode 100644
index 00000000..8d5a6ae6
--- /dev/null
+++ b/includes/sys_user.php
@@ -0,0 +1,106 @@
+<?php
+function UID2Nick($UID) {
+ if ($UID > 0)
+ $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
+ else
+ $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
+
+ $Erg = sql_select($SQL);
+
+ if (count($Erg) > 0) {
+ if ($UID > 0)
+ return $Erg[0]['Nick'];
+ else
+ return "Group-" . $Erg[0]['Name'];
+ } else {
+ if ($UID == -1)
+ return "Guest";
+ else
+ return "UserID $UID not found";
+ }
+}
+
+function TID2Type($TID) {
+ global $con;
+
+ $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
+ $Erg = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($Erg))
+ return mysql_result($Erg, 0);
+ else
+ return "";
+}
+
+function ReplaceSmilies($neueckig) {
+ global $url, $ENGEL_ROOT;
+
+ $neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
+ $neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
+ $neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig);
+ $neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
+ $neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig);
+ $neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
+ $neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
+ $neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig);
+ $neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig);
+ $neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
+ $neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
+ $neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig);
+ $neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
+ $neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig);
+ $neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
+ $neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
+ $neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig);
+ $neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
+ $neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig);
+ $neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig);
+
+ return $neueckig;
+}
+
+function GetPicturShow($UID) {
+ global $con;
+
+ $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
+ $res = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($res) == 1)
+ return mysql_result($res, 0, 0);
+ else
+ return "";
+}
+
+function displayPictur($UID, $height = "30") {
+ global $url, $ENGEL_ROOT;
+
+ if ($height > 0)
+ return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
+ else
+ return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
+}
+
+function displayavatar($UID, $height = "30") {
+ global $con, $url, $ENGEL_ROOT;
+
+ if (GetPicturShow($UID) == 'Y')
+ return " " . displayPictur($UID, $height);
+
+ $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1");
+ if (count($user) > 0)
+ if ($user[0]['Avatar'] > 0)
+ return '<div class="avatar">' . (" <img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>';
+}
+
+function UIDgekommen($UID) {
+ global $con;
+
+ $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
+ $Erg = mysql_query($SQL, $con);
+
+ if (mysql_num_rows($Erg))
+ return mysql_result($Erg, 0);
+ else
+ return "0";
+}
+?> |
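Review bot: In `displayavatar` the escaped `$UID` is placed in the query without surrounding quotes, unlike every other query in this file; string escaping only protects a value inside a quoted literal, so a non-numeric `$UID` could still change the statement. Quote it as the siblings do, ``$user = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($UID) . "' LIMIT 1");``, or, since `UID2Nick` already compares the value as a number, normalise it first with `$UID = (int) $UID;`. The same cast belongs in `displayPictur`, where `$UID` and `$height` are interpolated unescaped into the `src`, `height` and `alt` attributes. `sql_escape` is defined outside this hunk, so its exact behaviour is assumed here.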