authorAngelo Cuccato <cuccato@web.de>2010-11-23 10:28:02 +0100
committerAngelo Cuccato <cuccato@web.de>2010-11-23 10:28:02 +0100
commit1e4779938497a580217cf0e082730c731282cd69 (patch)
treec39215b0c0beab7e099e276ffd6b0d6485d7075a /includes
parent3b6e2b24b10ac6230f4f722e015b2c03b49e5dbb (diff)
check link before show
Diffstat (limited to 'includes')
-rwxr-xr-xincludes/UserCVS.php49
-rwxr-xr-xincludes/funktion_activeUser.php8
-rwxr-xr-xincludes/funktion_schichtplan.php82
-rwxr-xr-xincludes/funktion_xml_schudle.php5
4 files changed, 101 insertions, 43 deletions
diff --git a/includes/UserCVS.php b/includes/UserCVS.php
index 4f606b7e..9210e446 100755
--- a/includes/UserCVS.php
+++ b/includes/UserCVS.php
@@ -50,4 +50,53 @@ if( $DEBUG )
}
+function funktion_isLinkAllowed( $PageName)
+{
+ global $_SESSION;
+
+ // separate page parameter
+ $ParameterPos = strpos( $PageName, ".php?");
+ if( $ParameterPos === FALSE)
+ {
+ $pName = $PageName;
+ }
+ else
+ {
+ $pName = substr( $PageName, 0, $ParameterPos + 4);
+ }
+
+ // check rights
+ if( (isset( $_SESSION['CVS'][ $pName ]) === TRUE) &&
+ ($_SESSION['CVS'][ $pName ] == "Y") )
+ {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+function funktion_isLinkAllowed_addLink_OrLinkText( $PageName, $LinkText)
+{
+ global $url, $ENGEL_ROOT;
+
+ if( funktion_isLinkAllowed( $PageName) === TRUE)
+ {
+ return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+ }
+
+ return $LinkText;
+}
+
+function funktion_isLinkAllowed_addLink_OrEmpty( $PageName, $LinkText)
+{
+ global $url, $ENGEL_ROOT;
+
+ if( funktion_isLinkAllowed( $PageName) === TRUE)
+ {
+ return "<a href=\"". $url. $ENGEL_ROOT. $PageName. "\">". $LinkText. "</a>";
+ }
+
+ return "";
+}
+
?>
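Review bot: Both link helpers build the `href` from `$url. $ENGEL_ROOT. $PageName` without HTML-escaping, and the callers in this commit put values such as `$SID`, `$TempEngelID` and database columns into that string. Escaping once in the helper covers every caller: `return "<a href=\"". htmlspecialchars( $url. $ENGEL_ROOT. $PageName, ENT_QUOTES). "\">". $LinkText. "</a>";`. `$LinkText` is emitted as raw HTML (callers pass `<span>` and `<br>`), so a docblock on both helpers should state that plain-text values must be escaped by the caller. These functions only decide whether a link is shown; the target page still has to enforce the same `$_SESSION['CVS']` right itself, which this diff does not show. `global $_SESSION;` can be dropped because `$_SESSION` is a superglobal.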
diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php
index 808ccf73..d19895a8 100755
--- a/includes/funktion_activeUser.php
+++ b/includes/funktion_activeUser.php
@@ -39,11 +39,9 @@ for( $i=0; $i<mysql_num_rows($Erg); $i++)
if( $_SESSION['UID']>0 )
echo DisplayAvatar( mysql_result( $Erg, $i, "UID"));
// Schow Admin Page
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- echo " <a href=\"./../admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal\">".
- mysql_result( $Erg, $i, "Nick"). "</a>";
- else
- echo mysql_result( $Erg, $i, "Nick");
+ echo funktion_isLinkAllowed_addLink_OrLinkText(
+ "admin/userChangeNormal.php?enterUID=". mysql_result( $Erg, $i, "UID"). "&Type=Normal",
+ mysql_result( $Erg, $i, "Nick"));
$Tlog = (substr( mysql_result( $Erg, $i, "lastLogIn"), 8, 2) * 60 * 60 * 24) + // Tag
(substr( mysql_result( $Erg, $i, "lastLogIn"), 11, 2) * 60 * 60) + // Stunde
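Review bot: The `Nick` column is passed as `$LinkText`, and the helper returns that argument unescaped in both the linked and the unlinked case, so a nickname containing markup is rendered as HTML for everyone who views this list. Escape at the call site with `htmlspecialchars( mysql_result( $Erg, $i, "Nick"), ENT_QUOTES)`. The same applies to the `UID2Nick()` text used in includes/funktion_schichtplan.php, assuming that function returns the stored nickname as is. The surrounding loop starts and ends outside the hunk.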
diff --git a/includes/funktion_schichtplan.php b/includes/funktion_schichtplan.php
index ae4bf821..0b5b9910 100755
--- a/includes/funktion_schichtplan.php
+++ b/includes/funktion_schichtplan.php
@@ -18,11 +18,9 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
///////////////////////////////////////////////////////////////////
// Schow Admin Page
///////////////////////////////////////////////////////////////////
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
- {
- $Spalten.= "<a href=\"./../admin/schichtplan.php?action=change&SID=$SID\">edit</a><br>\n\t\t";
- }
-
+ $Spalten.=funktion_isLinkAllowed_addLink_OrEmpty(
+ "admin/schichtplan.php?action=change&SID=$SID",
+ "edit<br>\n\t\t");
///////////////////////////////////////////////////////////////////
// Ausgabe des Schischtnamens
@@ -104,28 +102,30 @@ function ausgabe_Feld_Inhalt( $SID, $Man )
foreach( $TempValue["Engel"] as $TempEngelEntry=> $TempEngelID )
{
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- $Spalten.= " <a href=\"./../admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal\">";
-
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/user.php") === TRUE)
{
- if( UIDgekommen( $TempEngelID ) == "1")
- $Spalten.= "&nbsp;&nbsp;<span style=\"color: blue;\">".
- UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "</span><br>\n\t\t";
- else
- $Spalten.= "&nbsp;&nbsp;<span style=\"color: red;\">".
- UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "</span><br>\n\t\t";
+ // add color, wenn Engel "Gekommen"
+ $TempText=
+ ((UIDgekommen( $TempEngelID ) == "1")
+ ? "<span style=\"color: blue;\">"
+ : "<span style=\"color: red;\">").
+ UID2Nick( $TempEngelID). "</span>";
}
else
- $Spalten.= "&nbsp;&nbsp;". UID2Nick( $TempEngelID ).
- ($_GET["Icon"]==1? DisplayAvatar( $TempEngelID ): "").
- "<br>\n\t\t";
- if( $_SESSION['CVS'][ "admin/userChangeNormal.php" ] == "Y" )
- $Spalten.= " </a>";
+ {
+ $TempText = UID2Nick( $TempEngelID );
+ }
+
+ // add link to user
+ $TempText= funktion_isLinkAllowed_addLink_OrLinkText(
+ "admin/userChangeNormal.php?enterUID=$TempEngelID&Type=Normal",
+ $TempText);
+
+ $Spalten.= "&nbsp;&nbsp;". $TempText.
+ ( ($_GET["Icon"]==1) ? DisplayAvatar( $TempEngelID): "").
+ "<br>\n\t\t";
+
+
}
$Spalten = substr( $Spalten, 0, strlen($Spalten)-7 );
}
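Review bot: The colouring branch is now gated on `funktion_isLinkAllowed( "admin/user.php")`, while the code it replaces checked the `admin/schichtplan.php` right. If `admin/user.php` is not a key in `$_SESSION['CVS']`, the `isset` test in the helper fails and the blue/red marking is never shown; if it is a key, a different set of users now sees it. Please confirm the intended right, or keep `funktion_isLinkAllowed( "admin/schichtplan.php")`. `$_GET["Icon"]==1` is also read without an `isset` check, which raises a notice when the parameter is absent. `ausgabe_Feld_Inhalt` starts and ends outside the hunk.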
@@ -205,13 +205,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
- echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
- mysql_result($ErgSonder, 0, "DateS").
- " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-24)".
- "</a><br>\n\t\t";
+ for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+ {
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($ErgSonder, $i, "SID"). "\">".
+ mysql_result($ErgSonder, $i, "DateS").
+ " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-24)".
+ "</a><br>\n\t\t";
+ }
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
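Review bot: The new loop writes `DateS` and `Man` from the result set straight into the page; `Man` looks like free text, so it should be echoed as `htmlspecialchars( mysql_result($ErgSonder, $i, "Man"), ENT_QUOTES)`. The hunk at -236 adds the same loop and needs the same change. Both loops hard-code `./../admin/schichtplan.php` instead of using the link helper added in includes/UserCVS.php, so the link base differs from the rest of the commit. `mysql_num_rows( $ErgSonder)` can be read once before the loop instead of on every iteration.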
@@ -236,13 +240,17 @@ function CreateRoomShifts( $raum )
$ErgSonder = mysql_query($SQLSonder, $con);
if( (mysql_num_rows( $ErgSonder) > 1) )
{
- if( $_SESSION['CVS'][ "admin/schichtplan.php" ] == "Y" )
+ if( funktion_isLinkAllowed( "admin/schichtplan.php") === TRUE )
{
echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
- echo "<a href=\"./../admin/schichtplan.php?action=change&SID=". mysql_result($ErgSonder, 0, "SID"). "\">".
- mysql_result($ErgSonder, 0, "DateS").
- " '". mysql_result($ErgSonder, 0, "Man")."' (RID $raum) (00-xx)".
- "</a><br>\n\t\t";
+ for( $i=0; $i<mysql_num_rows( $ErgSonder); $i++)
+ {
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($ErgSonder, $i, "SID"). "\">".
+ mysql_result($ErgSonder, $i, "DateS").
+ " '". mysql_result($ErgSonder, $i, "Man")."' (RID $raum) (00-xx)".
+ "</a><br>\n\t\t";
+ }
}
}
elseif( (mysql_num_rows( $ErgSonder) == 1) )
@@ -297,10 +305,12 @@ function CreateRoomShifts( $raum )
}
else
{
- echo Get_Text("pub_schichtplan_colision"). " ".
+ echo "<h1>". Get_Text("pub_schichtplan_colision"). "</h1> ";
+ echo "<a href=\"./../admin/schichtplan.php?action=change&SID=".
+ mysql_result($Erg, $i, "SID"). "\">".
mysql_result($Erg, $i, "DateS").
" '". mysql_result($Erg, $i, "Man"). "' ".
- " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)<br><br>";
+ " (". mysql_result($Erg, $i, "SID"). " R$raum) (xx-xx)</a><br><br>";
}
}
if( $ZeitZeiger < 24 )
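Review bot: The collision link added in this `else` branch is echoed with no `funktion_isLinkAllowed` test in the visible lines, unlike the two collision blocks earlier in `CreateRoomShifts`. Unless an enclosing check exists outside the hunk, users without the `admin/schichtplan.php` right are shown a link to the admin page. Building the message text first and passing it through `funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=". mysql_result($Erg, $i, "SID"), $Text)` keeps the collision message visible and drops only the link. The `Man` value should be HTML-escaped here as well.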
diff --git a/includes/funktion_xml_schudle.php b/includes/funktion_xml_schudle.php
index f6931301..4ef0a42f 100755
--- a/includes/funktion_xml_schudle.php
+++ b/includes/funktion_xml_schudle.php
@@ -259,7 +259,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
}
else
{
- echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SIDDB\">edit</a></td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText("admin/schichtplan.php?action=change&SID=".$SIDDB, "edit"). "</td>\n";
$DS_OK++;
}
echo "\t</tr>\n";
@@ -299,7 +299,8 @@ if(mysql_num_rows($Erg2)>0 && $EnableSchudleDB )
"<input name=\"LenDB\" type=\"text\" value=\"$Len\" size=\"1\"readonly></td>\n";
echo "\t<td><input name=\"ManXML\" type=\"text\" value=\"\" size=\"40\"readonly>\n\t\t".
"<input name=\"ManDB\" type=\"text\" value=\"$Man\" size=\"40\"readonly></td>\n";
- echo "\t<td><a href=\"./schichtplan.php?action=change&SID=$SID\">edit</a></td>\n";
+ echo "\t<td>". funktion_isLinkAllowed_addLink_OrLinkText( "admin/schichtplan.php?action=change&SID=".$SID, "edit").
+ "</td>\n";
echo "\t<tr>\n";
}
echo "</table>";