30c3 theme

13 files changed, 325 insertions, 236 deletions

diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 1cd7b5d6..0ffc3c75 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -1,25 +1,26 @@
 <?php
 
 /**
- * Export filtered shifts via JSON. (Like iCal Export or shifts view)
+ * Export filtered shifts via JSON.
+ * (Like iCal Export or shifts view)
  */
 function shifts_json_export_controller() {
   global $ical_shifts, $user;
 
-  if (isset ($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
+  if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
     $key = $_REQUEST['key'];
   else
     die("Missing key.");
 
   $user = User_by_api_key($key);
-  if($user === false)
+  if ($user === false)
     die("Unable to find user.");
-  if($user == null)
+  if ($user == null)
     die("Key invalid.");
-  if(!in_array('shifts_json_export', privileges_for_user($user['UID'])))
+  if (! in_array('shifts_json_export', privileges_for_user($user['UID'])))
     die("No privilege for shifts_json_export.");
 
-  if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
+  if (isset($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
     require_once ('includes/pages/user_shifts.php');
     view_user_shifts();
   } else {
diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php
index d26485d6..b4b4f248 100644
--- a/includes/helper/error_helper.php
+++ b/includes/helper/error_helper.php
@@ -2,6 +2,7 @@
 
 /**
  * Displays a fatal message and stops execution.
+ *
  * @param string $message
  */
 function engelsystem_error($message) {
diff --git a/includes/helper/message_helper.php b/includes/helper/message_helper.php
index c582c5b1..9bb78a05 100644
--- a/includes/helper/message_helper.php
+++ b/includes/helper/message_helper.php
@@ -4,7 +4,7 @@
  * Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
  */
 function msg() {
-  if (!isset ($_SESSION['msg']))
+  if (! isset($_SESSION['msg']))
     return "";
   $msg = $_SESSION['msg'];
   $_SESSION['msg'] = "";
@@ -20,7 +20,7 @@ function info($msg, $immediatly = false) {
       return "";
     return '<p class="info">' . $msg . '</p>';
   } else {
-    if (!isset ($_SESSION['msg']))
+    if (! isset($_SESSION['msg']))
       $_SESSION['msg'] = "";
     $_SESSION['msg'] .= info($msg, true);
   }
@@ -35,7 +35,7 @@ function error($msg, $immediatly = false) {
       return "";
     return '<p class="error">' . $msg . '</p>';
   } else {
-    if (!isset ($_SESSION['msg']))
+    if (! isset($_SESSION['msg']))
       $_SESSION['msg'] = "";
     $_SESSION['msg'] .= error($msg, true);
   }
@@ -50,7 +50,7 @@ function success($msg, $immediatly = false) {
       return "";
     return '<p class="success">' . $msg . '</p>';
   } else {
-    if (!isset ($_SESSION['msg']))
+    if (! isset($_SESSION['msg']))
       $_SESSION['msg'] = "";
     $_SESSION['msg'] .= success($msg, true);
   }
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
index 1fa97356..30e2b58c 100644
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@@ -2,8 +2,10 @@
 
 /**
  * Creates a log entry.
+ *
  * @param $nick Username
- * @param $message Log Message
+ * @param $message Log
+ *          Message
  */
 function LogEntry_create($nick, $message) {
   return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
@@ -13,8 +15,7 @@ function LogEntry_create($nick, $message) {
  * Returns log entries of the last 24 hours with maximum count of 1000.
  */
 function LogEntries() {
-  return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
+  return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24 * 60 * 60) . " ORDER BY `timestamp` DESC LIMIT 1000");
 }
 
-
 ?>
\ No newline at end of file
diff --git a/includes/model/Sprache_model.php b/includes/model/Sprache_model.php
index 55683411..0b18dbca 100644
--- a/includes/model/Sprache_model.php
+++ b/includes/model/Sprache_model.php
@@ -2,17 +2,23 @@
 
 /**
  * Load a string by key.
+ *
  * @param string $textid
  * @param string $sprache
  */
 function Sprache($textid, $sprache) {
-  $sprache_source = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($textid) . "' AND `Sprache`='" . sql_escape($sprache) . "' LIMIT 1");
-  if($sprache_source === false)
+  $sprache_source = sql_select("
+      SELECT *
+      FROM `Sprache`
+      WHERE `TextID`='" . sql_escape($textid) . "'
+      AND `Sprache`='" . sql_escape($sprache) . "'
+      LIMIT 1
+      ");
+  if ($sprache_source === false)
     return false;
-  if(count($sprache_source) == 1)
+  if (count($sprache_source) == 1)
     return $sprache_source[0];
   return null;
 }
 
-
 ?>
\ No newline at end of file
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 7eb31e8e..884aeae8 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -1,25 +1,29 @@
 <?php
+
 /**
  * Returns user by id.
+ *
  * @param $id UID
  */
 function User($id) {
   $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
-  if($user_source === false)
+  if ($user_source === false)
     return false;
-  if(count($user_source) > 0)
+  if (count($user_source) > 0)
     return $user_source[0];
   return null;
 }
 
 /**
  * Returns User by api_key.
- * @param string $api_key User api key
+ *
+ * @param string $api_key
+ *          User api key
  * @return Matching user, null or false on error
  */
 function User_by_api_key($api_key) {
   $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
-  if($user === false)
+  if ($user === false)
     return false;
   if (count($user) == 0)
     return null;
@@ -28,12 +32,13 @@ function User_by_api_key($api_key) {
 
 /**
  * Generates a new api key for given user.
+ *
  * @param User $user
  */
 function User_reset_api_key(&$user) {
   $user['api_key'] = md5($user['Nick'] . time() . rand());
   $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
-  if($result === false)
+  if ($result === false)
     return false;
   engelsystem_log("API key resetted.");
 }
diff --git a/includes/mysql_provider.php b/includes/mysql_provider.php
index d9e78fb4..9f901a40 100644
--- a/includes/mysql_provider.php
+++ b/includes/mysql_provider.php
@@ -15,7 +15,7 @@ function sql_close() {
 function sql_transaction_start() {
   global $sql_nested_transaction_level;
 
-  if($sql_nested_transaction_level++ == 0)
+  if ($sql_nested_transaction_level ++ == 0)
     return sql_query("BEGIN");
   else
     return true;
@@ -27,7 +27,7 @@ function sql_transaction_start() {
 function sql_transaction_commit() {
   global $sql_nested_transaction_level;
 
-  if(--$sql_nested_transaction_level == 0)
+  if (-- $sql_nested_transaction_level == 0)
     return sql_query("COMMIT");
   else
     return true;
@@ -39,7 +39,7 @@ function sql_transaction_commit() {
 function sql_transaction_rollback() {
   global $sql_nested_transaction_level;
 
-  if(--$sql_nested_transaction_level == 0)
+  if (-- $sql_nested_transaction_level == 0)
     return sql_query("ROLLBACK");
   else
     return true;
@@ -47,6 +47,7 @@ function sql_transaction_rollback() {
 
 /**
  * Logs an sql error.
+ *
  * @param string $message
  * @return false
  */
@@ -63,10 +64,15 @@ function sql_error($message) {
 
 /**
  * Connect to mysql server.
- * @param string $host Host
- * @param string $user Username
- * @param string $pass Password
- * @param string $db DB to select
+ *
+ * @param string $host
+ *          Host
+ * @param string $user
+ *          Username
+ * @param string $pass
+ *          Password
+ * @param string $db
+ *          DB to select
  * @return mysqli The connection handler
  */
 function sql_connect($host, $user, $pass, $db) {
@@ -89,18 +95,21 @@ function sql_connect($host, $user, $pass, $db) {
 
 /**
  * Change the selected db in current mysql-connection.
- * @param $db_name
+ *
+ * @param
+ *          $db_name
  * @return bool true on success, false on error
  */
 function sql_select_db($db_name) {
   global $sql_connection;
-  if (!$sql_connection->select_db($db_name))
+  if (! $sql_connection->select_db($db_name))
     return sql_error("No database selected.");
   return true;
 }
 
 /**
  * MySQL SELECT query
+ *
  * @param string $query
  * @return Result array or false on error
  */
@@ -119,8 +128,9 @@ function sql_select($query) {
 
 /**
  * MySQL execute a query
+ *
  * @param string $query
- * @return mysqli_result|boolean Result resource or false on error
+ * @return mysqli_result boolean resource or false on error
  */
 function sql_query($query) {
   global $sql_connection;
@@ -129,7 +139,7 @@ function sql_query($query) {
   if ($result) {
     return $result;
   } else
-    usr_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
+    return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
 }
 
 /**
@@ -165,12 +175,12 @@ function sql_num_query($query) {
 }
 
 function sql_select_single_col($query) {
-	$result = sql_select($query);
-	return array_map('array_shift', $result);
+  $result = sql_select($query);
+  return array_map('array_shift', $result);
 }
 
 function sql_select_single_cell($query) {
-	return array_shift(array_shift(sql_select($query)));
+  return array_shift(array_shift(sql_select($query)));
 }
 
 ?>
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index a2fd98d8..9718f0c0 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -1,110 +1,109 @@
 <?php
 
-
 // Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
 function load_auth() {
-	global $user, $privileges;
-
-	$user = null;
-	if (isset ($_SESSION['uid'])) {
-		$user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
-		if (count($user) > 0) {
-			// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
-			list ($user) = $user;
-			sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
-		} else
-			unset ($_SESSION['uid']);
-	}
-
-	$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
+  global $user, $privileges;
+
+  $user = null;
+  if (isset($_SESSION['uid'])) {
+    $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
+    if (count($user) > 0) {
+      // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
+      list ($user) = $user;
+      sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
+    } else
+      unset($_SESSION['uid']);
+  }
+
+  $privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(- 1);
 }
 
 // generate a salt (random string) of arbitrary length suitable for the use with crypt()
 function generate_salt($length = 16) {
-	$alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-	$salt = "";
-	for ($i = 0; $i < $length; $i++) {
-		$salt .= $alphabet[rand(0, strlen($alphabet)-1)];
-	}
-	return $salt;
+  $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  $salt = "";
+  for($i = 0; $i < $length; $i ++) {
+    $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
+  }
+  return $salt;
 }
 
 // set the password of a user
 function set_password($uid, $password) {
-	return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
+  return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
 }
 
 // verify a password given a precomputed salt.
 // if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
 function verify_password($password, $salt, $uid = false) {
-	$correct = false;
-	if (substr($salt, 0, 1) == '$') // new-style crypt()
-		$correct = crypt($password, $salt) == $salt;
-	elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
-		$correct = crypt($password, '77') == $salt;
-	elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
-		$correct = md5($password) == $salt;
-
-	if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
-		// this password is stored in another format than we want it to be.
-		// let's update it!
-		// we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
-		sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
-	}
-	return $correct;
+  $correct = false;
+  if (substr($salt, 0, 1) == '$') // new-style crypt()
+    $correct = crypt($password, $salt) == $salt;
+  elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
+    $correct = crypt($password, '77') == $salt;
+  elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
+    $correct = md5($password) == $salt;
+
+  if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+    // this password is stored in another format than we want it to be.
+    // let's update it!
+    // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
+    sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+  }
+  return $correct;
 }
 
 // JSON Authorisierungs-Schnittstelle
 function json_auth_service() {
-	global $CurrentExternAuthPass;
-
-	header("Content-Type: application/json");
-
-	$User = $_REQUEST['user'];
-	$Pass = $_REQUEST['pw'];
-	$SourceOuth = $_REQUEST['so'];
-
-	if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
-		$sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
-		$Erg = sql_select($sql);
-
-		if (count($Erg) == 1) {
-			$Erg = $Erg[0];
-			if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
-				$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
-				foreach ($user_privs as $user_priv)
-					$privileges[] = $user_priv['name'];
-
-				$msg = array (
-					'status' => 'success',
-					'rights' => $privileges
-				);
-				echo json_encode($msg);
-				die();
-			}
-		}
-	}
-
-	echo json_encode(array (
-		'status' => 'failed',
-		'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
-	));
-	die();
+  global $CurrentExternAuthPass;
+
+  header("Content-Type: application/json");
+
+  $User = $_REQUEST['user'];
+  $Pass = $_REQUEST['pw'];
+  $SourceOuth = $_REQUEST['so'];
+
+  if (isset($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+    $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+    $Erg = sql_select($sql);
+
+    if (count($Erg) == 1) {
+      $Erg = $Erg[0];
+      if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
+        $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+        foreach ($user_privs as $user_priv)
+          $privileges[] = $user_priv['name'];
+
+        $msg = array (
+            'status' => 'success',
+            'rights' => $privileges
+        );
+        echo json_encode($msg);
+        die();
+      }
+    }
+  }
+
+  echo json_encode(array (
+      'status' => 'failed',
+      'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+  ));
+  die();
 }
 
 function privileges_for_user($user_id) {
-	$privileges = array ();
-	$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
-	foreach ($user_privs as $user_priv)
-		$privileges[] = $user_priv['name'];
-	return $privileges;
+  $privileges = array ();
+  $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+  foreach ($user_privs as $user_priv)
+    $privileges[] = $user_priv['name'];
+  return $privileges;
 }
 
 function privileges_for_group($group_id) {
-	$privileges = array ();
-	$groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
-	foreach ($groups_privs as $guest_priv)
-		$privileges[] = $guest_priv['name'];
-	return $privileges;
+  $privileges = array ();
+  $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+  foreach ($groups_privs as $guest_priv)
+    $privileges[] = $guest_priv['name'];
+  return $privileges;
 }
 ?>
diff --git a/includes/sys_counter.php b/includes/sys_counter.php
index abcb652b..40110165 100644
--- a/includes/sys_counter.php
+++ b/includes/sys_counter.php
@@ -1,10 +1,11 @@
 <?php
+
 function counter() {
-	global $p;
+  global $p;
 
-	if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
-		sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
-	else
-		sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
+  if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
+    sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
+  else
+    sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
 }
 ?>
diff --git a/includes/sys_log.php b/includes/sys_log.php
index 65c0aa41..60c765c0 100644
--- a/includes/sys_log.php
+++ b/includes/sys_log.php
@@ -1,13 +1,16 @@
 <?php
 
 /**
- * Write a log entry. This should be used to log user's activity.
- * @param $message
+ * Write a log entry.
+ * This should be used to log user's activity.
+ *
+ * @param
+ *          $message
  */
 function engelsystem_log($message) {
   global $user;
 
-  if(isset($user)) {
+  if (isset($user)) {
     $nick = $user['Nick'];
   } else {
     $nick = "Guest";
@@ -16,4 +19,23 @@ function engelsystem_log($message) {
   LogEntry_create($nick, $message);
 }
 
+/**
+ * Generates a PHP Stacktrace.
+ */
+function debug_string_backtrace() {
+  ob_start();
+  debug_print_backtrace();
+  $trace = ob_get_contents();
+  ob_end_clean();
+
+  // Remove first item from backtrace as it's this function which
+  // is redundant.
+  $trace = preg_replace('/^#0\s+' . __FUNCTION__ . "[^\n]*\n/", '', $trace, 1);
+
+  // Renumber backtrace items.
+  $trace = preg_replace('/^#(\d+)/me', '\'#\' . ($1 - 1)', $trace);
+
+  return $trace;
+}
+
 ?>
\ No newline at end of file
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index 5c69be39..f2611397 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -1,89 +1,109 @@
 <?php
+
 function page_link_to($page) {
-	return '?p=' . $page;
+  return '?p=' . $page;
 }
 
 function page_link_to_absolute($page) {
-	return (isset ($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page);
+  return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page);
+}
+
+/**
+ * Renders the header toolbar containing search, login/logout, user and settings links.
+ */
+function header_toolbar() {
+  global $p, $privileges, $user;
+
+  $toolbar_items = array();
+
+  if(in_array('register', $privileges))
+    $toolbar_items[] = toolbar_item_link(page_link_to('register'), 'register', "Register", $p == 'register');
+
+  if(in_array('user_myshifts', $privileges))
+    $toolbar_items[] = toolbar_item_link(page_link_to('user_myshifts'), 'engel', $user['Nick'], $p == 'user_myshifts');
+
+  if(in_array('user_settings', $privileges))
+    $toolbar_items[] = toolbar_item_link(page_link_to('user_settings'), 'settings', "Settings", $p == 'user_settings');
+
+  if(in_array('login', $privileges))
+    $toolbar_items[] = toolbar_item_link(page_link_to('login'), 'login', "Login", $p == 'login');
+
+  if(in_array('logout', $privileges))
+    $toolbar_items[] = toolbar_item_link(page_link_to('logout'), 'logout', "Logout", $p == 'logout');
+
+  return toolbar($toolbar_items);
 }
 
 function make_navigation() {
-	global $p;
-	global $privileges;
-	$menu_items = $privileges;
-	$menu_items[] = "faq";
-	$menu = "";
-
-	// Standard Navigation
-	$menu .= make_navigation_for(Get_Text('/'), array (
-		"login",
-		"logout",
-		"register",
-		"faq"
-	));
-
-	// Engel Navigation
-	$menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
-		"news",
-		"user_meetings",
-		"user_myshifts",
-		"user_shifts",
-		"user_messages",
-		"user_questions",
-		"user_wakeup",
-		"user_settings"
-	));
-
-	// Admin Navigation
-	$menu .= make_navigation_for(Get_Text('admin/'), array (
-		"admin_arrive",
-		"admin_active",
-		"admin_user",
-		"admin_free",
-		"admin_usershifts",
-		"admin_questions",
-		"admin_angel_types",
-		"admin_user_angeltypes",
-		"admin_shifts",
-		"admin_rooms",
-		"admin_groups",
-		"admin_faq",
-		"admin_language",
-		"admin_import",
-		"admin_log"
-	));
-	return $menu;
+  global $p;
+  global $privileges;
+  $menu = "";
+
+  $specials = array(
+      "faq"
+  );
+
+  $pages = array(
+      "news",
+      "user_meetings",
+      "user_myshifts",
+      "user_shifts",
+      "user_messages",
+      "user_questions",
+      "user_wakeup",
+      "admin_arrive",
+      "admin_active",
+      "admin_user",
+      "admin_free",
+      "admin_usershifts",
+      "admin_questions",
+      "admin_angel_types",
+      "admin_user_angeltypes",
+      "admin_shifts",
+      "admin_rooms",
+      "admin_groups",
+      "admin_faq",
+      "admin_language",
+      "admin_import",
+      "admin_log"
+  );
+
+  foreach ($pages as $page)
+    if (in_array($page, $privileges) || in_array($page, $specials))
+      $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
+
+  return '<nav><ul>' . $menu . '</ul></nav>';
 }
 
 function make_navigation_for($name, $pages) {
-	global $privileges, $p;
+  global $privileges, $p;
 
-	$specials = array (
-		"faq"
-	);
+  $specials = array(
+      "faq"
+  );
 
-	$menu = "";
-	foreach ($pages as $page)
-		if (in_array($page, $privileges) || in_array($page, $specials))
-			$menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
+  $menu = "";
+  foreach ($pages as $page)
+    if (in_array($page, $privileges) || in_array($page, $specials))
+      $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
 
-	if ($menu != "")
-		$menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
-	return $menu;
+  if ($menu != "")
+    $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
+  return $menu;
 }
 
 function make_menu() {
-	return make_navigation() . make_langselect();
+  return make_navigation() . make_langselect();
 }
 
 function make_langselect() {
-	if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
-		$URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
-	else
-		$URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
-
-	$html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
-	$html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
-	return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
+  if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
+    $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
+  else
+    $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
+
+  $html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
+  $html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
+  return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
 }
 ?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
index a49e76cb..f9ee0ea6 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -1,49 +1,49 @@
 <?php
 
-
 /**
  * Leitet den Browser an die übergebene URL weiter und hält das Script an.
  */
 function redirect($to) {
-	header("Location: " . $to, true, 302);
-	die();
+  header("Location: " . $to, true, 302);
+  die();
 }
 
 /**
  * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
  */
 function strip_request_item($name) {
-	return strip_item($_REQUEST[$name]);
+  return strip_item($_REQUEST[$name]);
 }
 
 /**
- * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. eine ID sein könnte.
+ * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw.
+ * eine ID sein könnte.
  */
 function test_request_int($name) {
-	if (isset ($_REQUEST[$name]))
-		return preg_match("/^[0-9]*$/", $_REQUEST[$name]);
-	return false;
+  if (isset($_REQUEST[$name]))
+    return preg_match("/^[0-9]*$/", $_REQUEST[$name]);
+  return false;
 }
 
 /**
  * Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück
  */
 function strip_request_item_nl($name) {
-	return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
+  return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
 }
 
 /**
  * Entfernt unerwünschte Zeichen
  */
 function strip_item($item) {
-	return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
+  return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
 }
 
 /**
  * Überprüft eine E-Mail-Adresse.
  */
 function check_email($email) {
-	return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
+  return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
 }
 
 ?>
diff --git a/includes/sys_template.php b/includes/sys_template.php
index e15af7f8..a7662e84 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -1,29 +1,46 @@
 <?php
 
-
 /**
  * Liste der verfügbaren Themes
  */
-$themes = array (
-  "1" => "Standard-Style",
-  "2" => "ot/Gelber Style",
-  "3" => "Club-Mate Style",
-  "5" => "Debian Style",
-  "6" => "c-base Style",
-  "7" => "Blau/Gelber Style",
-  "8" => "Pastel Style",
-  "4" => "Test Style",
-  "9" => "Test Style 21c3",
-  "10" => "Engelsystem 2.0",
-  "11" => "msquare (29c3)"
+$themes = array(
+    "1" => "30C3 light",
+    "2" => "30C3 dark"
 );
 
 /**
+ * Render a toolbar.
+ *
+ * @param array $items
+ * @return string
+ */
+function toolbar($items = array()) {
+  return '<div class="toolbar">' . join("\n", $items) . '</div>';
+}
+
+/**
+ * Render a link for a toolbar.
+ * @param string $href
+ * @param string $class
+ * @param string $label
+ * @param bool $selected
+ * @return string
+ */
+function toolbar_item_link($href, $class, $label, $selected = false) {
+  return '<a href="' . $href . '" class="' . ($selected ? 'selected ' : '') . '' . $class . '">' . $label . '</a>';
+}
+
+/**
  * Rendert eine Liste von Checkboxen für ein Formular
- * @param name Die Namen der Checkboxen werden aus name_key gebildet
- * @param label Die Beschriftung der Liste
- * @param items Array mit den einzelnen Checkboxen
- * @param selected Array mit den Keys, die ausgewählt sind
+ *
+ * @param
+ *          name Die Namen der Checkboxen werden aus name_key gebildet
+ * @param
+ *          label Die Beschriftung der Liste
+ * @param
+ *          items Array mit den einzelnen Checkboxen
+ * @param
+ *          selected Array mit den Keys, die ausgewählt sind
  */
 function form_checkboxes($name, $label, $items, $selected) {
   $html = "<ul>";
@@ -38,11 +55,17 @@ function form_checkboxes($name, $label, $items, $selected) {
 
 /**
  * Rendert eine Tabelle von Checkboxen für ein Formular
- * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
- * @param label Die Beschriftung der gesamten Tabelle
- * @param items Array mit den Beschriftungen der Zeilen
- * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
- * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
+ *
+ * @param
+ *          names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
+ * @param
+ *          label Die Beschriftung der gesamten Tabelle
+ * @param
+ *          items Array mit den Beschriftungen der Zeilen
+ * @param
+ *          selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
+ * @param
+ *          disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
  */
 function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
   $html = "<table><thead><tr>";
@@ -54,7 +77,7 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = ar
     foreach ($names as $name => $title) {
       $id = $name . '_' . $key;
       $sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
-      if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
+      if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
         $sel .= ' disabled="disabled"';
       $html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
     }
@@ -131,7 +154,8 @@ function form($elements, $action = "") {
 }
 
 /**
- * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen.
+ * Generiert HTML Code für eine "Seite".
+ * Fügt dazu die übergebenen Elemente zusammen.
  */
 function page($elements) {
   return join($elements);
@@ -153,10 +177,10 @@ function table($columns, $rows, $data = true) {
   foreach ($rows as $row) {
     $html .= '<tr>';
     foreach ($columns as $key => $column)
-      if (isset ($row[$key]))
-      $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
-    else
-      $html .= '<td class="' . $key . '">&nbsp;</td>';
+      if (isset($row[$key]))
+        $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
+      else
+        $html .= '<td class="' . $key . '">&nbsp;</td>';
     $html .= '</tr>';
   }
   $html .= '</tbody>';
@@ -184,8 +208,8 @@ function template_render($file, $data) {
     $template = file_get_contents($file);
     if (is_array($data))
       foreach ($data as $name => $content) {
-      $template = str_replace("%" . $name . "%", $content, $template);
-    }
+        $template = str_replace("%" . $name . "%", $content, $template);
+      }
     return $template;
   } else {
     die('Cannot find template file &laquo;' . $file . '&raquo;.');
@@ -235,11 +259,10 @@ function html_select_key($id, $name, $rows, $selected) {
 }
 
 function img_button($link, $icon, $text, $extra_text = '') {
-  $translation = empty($text)? '' : Get_Text($text);
-  return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>';
+  $translation = empty($text) ? '' : Get_Text($text);
+  return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation) ? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text) ? '' : ' ' . $extra_text) . '</a>';
 }
 
-
 function ReplaceSmilies($neueckig) {
   $neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
   $neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);