authorPhilip Häusler <msquare@notrademark.de>2013-10-13 00:52:44 +0200
committerPhilip Häusler <msquare@notrademark.de>2013-10-13 00:52:44 +0200
commit3c4321ff76accb98ec3c99316766234ebcafae90 (patch)
tree7461bf942302ec3344a5006f3d40c49963ac28dc /includes
parentbfb0cacd541cc20129a3c0ac77130370741dca18 (diff)
30c3 theme
Diffstat (limited to 'includes')
-rw-r--r--includes/controller/shifts_controller.php13
-rw-r--r--includes/helper/error_helper.php1
-rw-r--r--includes/helper/message_helper.php8
-rw-r--r--includes/model/LogEntries_model.php7
-rw-r--r--includes/model/Sprache_model.php14
-rw-r--r--includes/model/User_model.php15
-rw-r--r--includes/mysql_provider.php38
-rw-r--r--includes/sys_auth.php161
-rw-r--r--includes/sys_counter.php11
-rw-r--r--includes/sys_log.php28
-rw-r--r--includes/sys_menu.php154
-rw-r--r--includes/sys_page.php22
-rw-r--r--includes/sys_template.php89
13 files changed, 325 insertions, 236 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 1cd7b5d6..0ffc3c75 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -1,25 +1,26 @@
<?php
/**
- * Export filtered shifts via JSON. (Like iCal Export or shifts view)
+ * Export filtered shifts via JSON.
+ * (Like iCal Export or shifts view)
*/
function shifts_json_export_controller() {
global $ical_shifts, $user;
- if (isset ($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
+ if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
$key = $_REQUEST['key'];
else
die("Missing key.");
$user = User_by_api_key($key);
- if($user === false)
+ if ($user === false)
die("Unable to find user.");
- if($user == null)
+ if ($user == null)
die("Key invalid.");
- if(!in_array('shifts_json_export', privileges_for_user($user['UID'])))
+ if (! in_array('shifts_json_export', privileges_for_user($user['UID'])))
die("No privilege for shifts_json_export.");
- if (isset ($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
+ if (isset($_REQUEST['export']) && $_REQUEST['export'] == 'user_shifts') {
require_once ('includes/pages/user_shifts.php');
view_user_shifts();
} else {
diff --git a/includes/helper/error_helper.php b/includes/helper/error_helper.php
index d26485d6..b4b4f248 100644
--- a/includes/helper/error_helper.php
+++ b/includes/helper/error_helper.php
@@ -2,6 +2,7 @@
/**
* Displays a fatal message and stops execution.
+ *
* @param string $message
*/
function engelsystem_error($message) {
diff --git a/includes/helper/message_helper.php b/includes/helper/message_helper.php
index c582c5b1..9bb78a05 100644
--- a/includes/helper/message_helper.php
+++ b/includes/helper/message_helper.php
@@ -4,7 +4,7 @@
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
function msg() {
- if (!isset ($_SESSION['msg']))
+ if (! isset($_SESSION['msg']))
return "";
$msg = $_SESSION['msg'];
$_SESSION['msg'] = "";
@@ -20,7 +20,7 @@ function info($msg, $immediatly = false) {
return "";
return '<p class="info">' . $msg . '</p>';
} else {
- if (!isset ($_SESSION['msg']))
+ if (! isset($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= info($msg, true);
}
@@ -35,7 +35,7 @@ function error($msg, $immediatly = false) {
return "";
return '<p class="error">' . $msg . '</p>';
} else {
- if (!isset ($_SESSION['msg']))
+ if (! isset($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= error($msg, true);
}
@@ -50,7 +50,7 @@ function success($msg, $immediatly = false) {
return "";
return '<p class="success">' . $msg . '</p>';
} else {
- if (!isset ($_SESSION['msg']))
+ if (! isset($_SESSION['msg']))
$_SESSION['msg'] = "";
$_SESSION['msg'] .= success($msg, true);
}
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
index 1fa97356..30e2b58c 100644
--- a/includes/model/LogEntries_model.php
+++ b/includes/model/LogEntries_model.php
@@ -2,8 +2,10 @@
/**
* Creates a log entry.
+ *
* @param $nick Username
- * @param $message Log Message
+ * @param $message Log
+ * Message
*/
function LogEntry_create($nick, $message) {
return sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape(time()) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
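Review bot: The reformatting has damaged several docblocks in this commit, starting in this hunk, where `@param $message Log Message` is now split across two comment lines as `@param $message Log` / `Message`. In mysql_provider.php the tag for sql_select_db becomes a bare `@param` with `$db_name` on the following line, and sql_query's `@return mysqli_result|boolean Result resource or false on error` loses both the `|` and the word "Result". sys_log.php and sys_template.php show the same bare `@param` pattern. Documentation tools that parse these tags will no longer tie the name or description to the parameter, so keep tag, name and description on one line, e.g. `@param $message Log message`.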
@@ -13,8 +15,7 @@ function LogEntry_create($nick, $message) {
* Returns log entries of the last 24 hours with maximum count of 1000.
*/
function LogEntries() {
- return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " ORDER BY `timestamp` DESC LIMIT 1000");
+ return sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24 * 60 * 60) . " ORDER BY `timestamp` DESC LIMIT 1000");
}
-
?> \ No newline at end of file
diff --git a/includes/model/Sprache_model.php b/includes/model/Sprache_model.php
index 55683411..0b18dbca 100644
--- a/includes/model/Sprache_model.php
+++ b/includes/model/Sprache_model.php
@@ -2,17 +2,23 @@
/**
* Load a string by key.
+ *
* @param string $textid
* @param string $sprache
*/
function Sprache($textid, $sprache) {
- $sprache_source = sql_select("SELECT * FROM `Sprache` WHERE `TextID`='" . sql_escape($textid) . "' AND `Sprache`='" . sql_escape($sprache) . "' LIMIT 1");
- if($sprache_source === false)
+ $sprache_source = sql_select("
+ SELECT *
+ FROM `Sprache`
+ WHERE `TextID`='" . sql_escape($textid) . "'
+ AND `Sprache`='" . sql_escape($sprache) . "'
+ LIMIT 1
+ ");
+ if ($sprache_source === false)
return false;
- if(count($sprache_source) == 1)
+ if (count($sprache_source) == 1)
return $sprache_source[0];
return null;
}
-
?> \ No newline at end of file
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 7eb31e8e..884aeae8 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -1,25 +1,29 @@
<?php
+
/**
* Returns user by id.
+ *
* @param $id UID
*/
function User($id) {
$user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if($user_source === false)
+ if ($user_source === false)
return false;
- if(count($user_source) > 0)
+ if (count($user_source) > 0)
return $user_source[0];
return null;
}
/**
* Returns User by api_key.
- * @param string $api_key User api key
+ *
+ * @param string $api_key
+ * User api key
* @return Matching user, null or false on error
*/
function User_by_api_key($api_key) {
$user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
- if($user === false)
+ if ($user === false)
return false;
if (count($user) == 0)
return null;
@@ -28,12 +32,13 @@ function User_by_api_key($api_key) {
/**
* Generates a new api key for given user.
+ *
* @param User $user
*/
function User_reset_api_key(&$user) {
$user['api_key'] = md5($user['Nick'] . time() . rand());
$result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
- if($result === false)
+ if ($result === false)
return false;
engelsystem_log("API key resetted.");
}
diff --git a/includes/mysql_provider.php b/includes/mysql_provider.php
index d9e78fb4..9f901a40 100644
--- a/includes/mysql_provider.php
+++ b/includes/mysql_provider.php
@@ -15,7 +15,7 @@ function sql_close() {
function sql_transaction_start() {
global $sql_nested_transaction_level;
- if($sql_nested_transaction_level++ == 0)
+ if ($sql_nested_transaction_level ++ == 0)
return sql_query("BEGIN");
else
return true;
@@ -27,7 +27,7 @@ function sql_transaction_start() {
function sql_transaction_commit() {
global $sql_nested_transaction_level;
- if(--$sql_nested_transaction_level == 0)
+ if (-- $sql_nested_transaction_level == 0)
return sql_query("COMMIT");
else
return true;
@@ -39,7 +39,7 @@ function sql_transaction_commit() {
function sql_transaction_rollback() {
global $sql_nested_transaction_level;
- if(--$sql_nested_transaction_level == 0)
+ if (-- $sql_nested_transaction_level == 0)
return sql_query("ROLLBACK");
else
return true;
@@ -47,6 +47,7 @@ function sql_transaction_rollback() {
/**
* Logs an sql error.
+ *
* @param string $message
* @return false
*/
@@ -63,10 +64,15 @@ function sql_error($message) {
/**
* Connect to mysql server.
- * @param string $host Host
- * @param string $user Username
- * @param string $pass Password
- * @param string $db DB to select
+ *
+ * @param string $host
+ * Host
+ * @param string $user
+ * Username
+ * @param string $pass
+ * Password
+ * @param string $db
+ * DB to select
* @return mysqli The connection handler
*/
function sql_connect($host, $user, $pass, $db) {
@@ -89,18 +95,21 @@ function sql_connect($host, $user, $pass, $db) {
/**
* Change the selected db in current mysql-connection.
- * @param $db_name
+ *
+ * @param
+ * $db_name
* @return bool true on success, false on error
*/
function sql_select_db($db_name) {
global $sql_connection;
- if (!$sql_connection->select_db($db_name))
+ if (! $sql_connection->select_db($db_name))
return sql_error("No database selected.");
return true;
}
/**
* MySQL SELECT query
+ *
* @param string $query
* @return Result array or false on error
*/
@@ -119,8 +128,9 @@ function sql_select($query) {
/**
* MySQL execute a query
+ *
* @param string $query
- * @return mysqli_result|boolean Result resource or false on error
+ * @return mysqli_result boolean resource or false on error
*/
function sql_query($query) {
global $sql_connection;
@@ -129,7 +139,7 @@ function sql_query($query) {
if ($result) {
return $result;
} else
- usr_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
+ return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error);
}
/**
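Review bot: The new `return sql_error("MySQL-query error: " . $query . ...)` line hands the complete statement text to sql_error(), which the docblock earlier in this file describes as logging the error. Statements built elsewhere in this commit (set_password() and verify_password() in sys_auth.php) embed the password hash, so a failing query would presumably carry that hash to wherever sql_error() writes; its body is outside the diff, so this needs confirming. If sql_error() records the entry through LogEntry_create(), which itself calls sql_query(), a failing log INSERT could also re-enter this branch. Consider passing only `$sql_connection->errno` and `$sql_connection->error`, or a truncated statement. sql_query() starts above this hunk.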
@@ -165,12 +175,12 @@ function sql_num_query($query) {
}
function sql_select_single_col($query) {
- $result = sql_select($query);
- return array_map('array_shift', $result);
+ $result = sql_select($query);
+ return array_map('array_shift', $result);
}
function sql_select_single_cell($query) {
- return array_shift(array_shift(sql_select($query)));
+ return array_shift(array_shift(sql_select($query)));
}
?>
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index a2fd98d8..9718f0c0 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -1,110 +1,109 @@
<?php
-
// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
function load_auth() {
- global $user, $privileges;
-
- $user = null;
- if (isset ($_SESSION['uid'])) {
- $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
- if (count($user) > 0) {
- // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
- list ($user) = $user;
- sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
- } else
- unset ($_SESSION['uid']);
- }
-
- $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
+ global $user, $privileges;
+
+ $user = null;
+ if (isset($_SESSION['uid'])) {
+ $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
+ if (count($user) > 0) {
+ // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
+ list ($user) = $user;
+ sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
+ } else
+ unset($_SESSION['uid']);
+ }
+
+ $privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(- 1);
}
// generate a salt (random string) of arbitrary length suitable for the use with crypt()
function generate_salt($length = 16) {
- $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- $salt = "";
- for ($i = 0; $i < $length; $i++) {
- $salt .= $alphabet[rand(0, strlen($alphabet)-1)];
- }
- return $salt;
+ $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ $salt = "";
+ for($i = 0; $i < $length; $i ++) {
+ $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
+ }
+ return $salt;
}
// set the password of a user
function set_password($uid, $password) {
- return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
+ return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
}
// verify a password given a precomputed salt.
// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
function verify_password($password, $salt, $uid = false) {
- $correct = false;
- if (substr($salt, 0, 1) == '$') // new-style crypt()
- $correct = crypt($password, $salt) == $salt;
- elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
- $correct = crypt($password, '77') == $salt;
- elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
- $correct = md5($password) == $salt;
-
- if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
- // this password is stored in another format than we want it to be.
- // let's update it!
- // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
- sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
- }
- return $correct;
+ $correct = false;
+ if (substr($salt, 0, 1) == '$') // new-style crypt()
+ $correct = crypt($password, $salt) == $salt;
+ elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
+ $correct = crypt($password, '77') == $salt;
+ elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
+ $correct = md5($password) == $salt;
+
+ if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+ // this password is stored in another format than we want it to be.
+ // let's update it!
+ // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
+ sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+ }
+ return $correct;
}
// JSON Authorisierungs-Schnittstelle
function json_auth_service() {
- global $CurrentExternAuthPass;
-
- header("Content-Type: application/json");
-
- $User = $_REQUEST['user'];
- $Pass = $_REQUEST['pw'];
- $SourceOuth = $_REQUEST['so'];
-
- if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
- $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
- $Erg = sql_select($sql);
-
- if (count($Erg) == 1) {
- $Erg = $Erg[0];
- if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
- $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
- foreach ($user_privs as $user_priv)
- $privileges[] = $user_priv['name'];
-
- $msg = array (
- 'status' => 'success',
- 'rights' => $privileges
- );
- echo json_encode($msg);
- die();
- }
- }
- }
-
- echo json_encode(array (
- 'status' => 'failed',
- 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
- ));
- die();
+ global $CurrentExternAuthPass;
+
+ header("Content-Type: application/json");
+
+ $User = $_REQUEST['user'];
+ $Pass = $_REQUEST['pw'];
+ $SourceOuth = $_REQUEST['so'];
+
+ if (isset($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+ $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+ $Erg = sql_select($sql);
+
+ if (count($Erg) == 1) {
+ $Erg = $Erg[0];
+ if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+
+ $msg = array (
+ 'status' => 'success',
+ 'rights' => $privileges
+ );
+ echo json_encode($msg);
+ die();
+ }
+ }
+ }
+
+ echo json_encode(array (
+ 'status' => 'failed',
+ 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+ ));
+ die();
}
function privileges_for_user($user_id) {
- $privileges = array ();
- $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
- foreach ($user_privs as $user_priv)
- $privileges[] = $user_priv['name'];
- return $privileges;
+ $privileges = array ();
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+ return $privileges;
}
function privileges_for_group($group_id) {
- $privileges = array ();
- $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
- foreach ($groups_privs as $guest_priv)
- $privileges[] = $guest_priv['name'];
- return $privileges;
+ $privileges = array ();
+ $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+ foreach ($groups_privs as $guest_priv)
+ $privileges[] = $guest_priv['name'];
+ return $privileges;
}
?>
diff --git a/includes/sys_counter.php b/includes/sys_counter.php
index abcb652b..40110165 100644
--- a/includes/sys_counter.php
+++ b/includes/sys_counter.php
@@ -1,10 +1,11 @@
<?php
+
function counter() {
- global $p;
+ global $p;
- if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
- sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
- else
- sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
+ if (sql_num_query("SELECT `Anz` FROM `Counter` WHERE `URL`='" . sql_escape($p) . "'") == 0)
+ sql_query("INSERT INTO `Counter` ( `URL` , `Anz` ) VALUES ('" . sql_escape($p) . "', '1');");
+ else
+ sql_query("UPDATE `Counter` SET `Anz` = `Anz` + 1 WHERE `URL` = '" . sql_escape($p) . "' LIMIT 1 ;");
}
?>
diff --git a/includes/sys_log.php b/includes/sys_log.php
index 65c0aa41..60c765c0 100644
--- a/includes/sys_log.php
+++ b/includes/sys_log.php
@@ -1,13 +1,16 @@
<?php
/**
- * Write a log entry. This should be used to log user's activity.
- * @param $message
+ * Write a log entry.
+ * This should be used to log user's activity.
+ *
+ * @param
+ * $message
*/
function engelsystem_log($message) {
global $user;
- if(isset($user)) {
+ if (isset($user)) {
$nick = $user['Nick'];
} else {
$nick = "Guest";
@@ -16,4 +19,23 @@ function engelsystem_log($message) {
LogEntry_create($nick, $message);
}
+/**
+ * Generates a PHP Stacktrace.
+ */
+function debug_string_backtrace() {
+ ob_start();
+ debug_print_backtrace();
+ $trace = ob_get_contents();
+ ob_end_clean();
+
+ // Remove first item from backtrace as it's this function which
+ // is redundant.
+ $trace = preg_replace('/^#0\s+' . __FUNCTION__ . "[^\n]*\n/", '', $trace, 1);
+
+ // Renumber backtrace items.
+ $trace = preg_replace('/^#(\d+)/me', '\'#\' . ($1 - 1)', $trace);
+
+ return $trace;
+}
+
?> \ No newline at end of file
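Review bot: The renumbering call in debug_string_backtrace() uses the `e` modifier (`'/^#(\d+)/me'`), which makes preg_replace() evaluate the replacement string as PHP code. The modifier is deprecated as of PHP 5.5 and removed in PHP 7, where this call stops working. The capture is digits only, so nothing caller-controlled reaches the evaluation here, but the callback form avoids it entirely: `$trace = preg_replace_callback('/^#(\d+)/m', function ($m) { return '#' . ($m[1] - 1); }, $trace);`. Separately, debug_print_backtrace() prints call arguments, so a trace captured beneath verify_password() or sql_connect() would contain the plaintext password. Passing `DEBUG_BACKTRACE_IGNORE_ARGS` keeps those out of whatever stores the trace.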
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index 5c69be39..f2611397 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -1,89 +1,109 @@
<?php
+
function page_link_to($page) {
- return '?p=' . $page;
+ return '?p=' . $page;
}
function page_link_to_absolute($page) {
- return (isset ($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page);
+ return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) . page_link_to($page);
+}
+
+/**
+ * Renders the header toolbar containing search, login/logout, user and settings links.
+ */
+function header_toolbar() {
+ global $p, $privileges, $user;
+
+ $toolbar_items = array();
+
+ if(in_array('register', $privileges))
+ $toolbar_items[] = toolbar_item_link(page_link_to('register'), 'register', "Register", $p == 'register');
+
+ if(in_array('user_myshifts', $privileges))
+ $toolbar_items[] = toolbar_item_link(page_link_to('user_myshifts'), 'engel', $user['Nick'], $p == 'user_myshifts');
+
+ if(in_array('user_settings', $privileges))
+ $toolbar_items[] = toolbar_item_link(page_link_to('user_settings'), 'settings', "Settings", $p == 'user_settings');
+
+ if(in_array('login', $privileges))
+ $toolbar_items[] = toolbar_item_link(page_link_to('login'), 'login', "Login", $p == 'login');
+
+ if(in_array('logout', $privileges))
+ $toolbar_items[] = toolbar_item_link(page_link_to('logout'), 'logout', "Logout", $p == 'logout');
+
+ return toolbar($toolbar_items);
}
function make_navigation() {
- global $p;
- global $privileges;
- $menu_items = $privileges;
- $menu_items[] = "faq";
- $menu = "";
-
- // Standard Navigation
- $menu .= make_navigation_for(Get_Text('/'), array (
- "login",
- "logout",
- "register",
- "faq"
- ));
-
- // Engel Navigation
- $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
- "news",
- "user_meetings",
- "user_myshifts",
- "user_shifts",
- "user_messages",
- "user_questions",
- "user_wakeup",
- "user_settings"
- ));
-
- // Admin Navigation
- $menu .= make_navigation_for(Get_Text('admin/'), array (
- "admin_arrive",
- "admin_active",
- "admin_user",
- "admin_free",
- "admin_usershifts",
- "admin_questions",
- "admin_angel_types",
- "admin_user_angeltypes",
- "admin_shifts",
- "admin_rooms",
- "admin_groups",
- "admin_faq",
- "admin_language",
- "admin_import",
- "admin_log"
- ));
- return $menu;
+ global $p;
+ global $privileges;
+ $menu = "";
+
+ $specials = array(
+ "faq"
+ );
+
+ $pages = array(
+ "news",
+ "user_meetings",
+ "user_myshifts",
+ "user_shifts",
+ "user_messages",
+ "user_questions",
+ "user_wakeup",
+ "admin_arrive",
+ "admin_active",
+ "admin_user",
+ "admin_free",
+ "admin_usershifts",
+ "admin_questions",
+ "admin_angel_types",
+ "admin_user_angeltypes",
+ "admin_shifts",
+ "admin_rooms",
+ "admin_groups",
+ "admin_faq",
+ "admin_language",
+ "admin_import",
+ "admin_log"
+ );
+
+ foreach ($pages as $page)
+ if (in_array($page, $privileges) || in_array($page, $specials))
+ $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
+
+ return '<nav><ul>' . $menu . '</ul></nav>';
}
function make_navigation_for($name, $pages) {
- global $privileges, $p;
+ global $privileges, $p;
- $specials = array (
- "faq"
- );
+ $specials = array(
+ "faq"
+ );
- $menu = "";
- foreach ($pages as $page)
- if (in_array($page, $privileges) || in_array($page, $specials))
- $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
+ $menu = "";
+ foreach ($pages as $page)
+ if (in_array($page, $privileges) || in_array($page, $specials))
+ $menu .= '<li' . ($page == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($page) . '">' . Get_Text($page) . '</a></li>';
- if ($menu != "")
- $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
- return $menu;
+ if ($menu != "")
+ $menu = '<nav class="container"><h4>' . $name . '</h4><ul class="content">' . $menu . '</ul></nav>';
+ return $menu;
}
function make_menu() {
- return make_navigation() . make_langselect();
+ return make_navigation() . make_langselect();
}
function make_langselect() {
- if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
- $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
- else
- $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
-
- $html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
- $html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
- return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
+ if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
+ $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
+ else
+ $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
+
+ $html = '<p class="content"><a class="sprache" href="' . htmlspecialchars($URL) . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
+ $html .= '<a class="sprache" href="' . htmlspecialchars($URL) . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
+ return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
}
?>
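Review bot: In the rewritten make_navigation() the `in_array($page, $specials)` branch can never be true, because `"faq"` is listed in `$specials` but no longer appears in `$pages`. The old code listed it in the standard navigation group, and header_toolbar() does not add it either, so the FAQ entry appears to drop out of the menu for everyone. If that is intended, remove `$specials` from make_navigation(); otherwise add `"faq"` to `$pages`. make_navigation_for() is kept but no longer called from make_navigation(), so it can go if nothing outside this diff uses it.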
diff --git a/includes/sys_page.php b/includes/sys_page.php
index a49e76cb..f9ee0ea6 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -1,49 +1,49 @@
<?php
-
/**
* Leitet den Browser an die übergebene URL weiter und hält das Script an.
*/
function redirect($to) {
- header("Location: " . $to, true, 302);
- die();
+ header("Location: " . $to, true, 302);
+ die();
}
/**
* Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
*/
function strip_request_item($name) {
- return strip_item($_REQUEST[$name]);
+ return strip_item($_REQUEST[$name]);
}
/**
- * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw. eine ID sein könnte.
+ * Testet, ob der angegebene REQUEST Wert ein Integer ist, bzw.
+ * eine ID sein könnte.
*/
function test_request_int($name) {
- if (isset ($_REQUEST[$name]))
- return preg_match("/^[0-9]*$/", $_REQUEST[$name]);
- return false;
+ if (isset($_REQUEST[$name]))
+ return preg_match("/^[0-9]*$/", $_REQUEST[$name]);
+ return false;
}
/**
* Gibt den gefilterten REQUEST Wert mit Zeilenumbrüchen zurück
*/
function strip_request_item_nl($name) {
- return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
+ return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
}
/**
* Entfernt unerwünschte Zeichen
*/
function strip_item($item) {
- return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
+ return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
}
/**
* Überprüft eine E-Mail-Adresse.
*/
function check_email($email) {
- return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
+ return (bool) preg_match("#^([a-zA-Z0-9_+\-])+(\.([a-zA-Z0-9_+\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
}
?>
diff --git a/includes/sys_template.php b/includes/sys_template.php
index e15af7f8..a7662e84 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -1,29 +1,46 @@
<?php
-
/**
* Liste der verfügbaren Themes
*/
-$themes = array (
- "1" => "Standard-Style",
- "2" => "ot/Gelber Style",
- "3" => "Club-Mate Style",
- "5" => "Debian Style",
- "6" => "c-base Style",
- "7" => "Blau/Gelber Style",
- "8" => "Pastel Style",
- "4" => "Test Style",
- "9" => "Test Style 21c3",
- "10" => "Engelsystem 2.0",
- "11" => "msquare (29c3)"
+$themes = array(
+ "1" => "30C3 light",
+ "2" => "30C3 dark"
);
/**
+ * Render a toolbar.
+ *
+ * @param array $items
+ * @return string
+ */
+function toolbar($items = array()) {
+ return '<div class="toolbar">' . join("\n", $items) . '</div>';
+}
+
+/**
+ * Render a link for a toolbar.
+ * @param string $href
+ * @param string $class
+ * @param string $label
+ * @param bool $selected
+ * @return string
+ */
+function toolbar_item_link($href, $class, $label, $selected = false) {
+ return '<a href="' . $href . '" class="' . ($selected ? 'selected ' : '') . '' . $class . '">' . $label . '</a>';
+}
+
+/**
* Rendert eine Liste von Checkboxen für ein Formular
- * @param name Die Namen der Checkboxen werden aus name_key gebildet
- * @param label Die Beschriftung der Liste
- * @param items Array mit den einzelnen Checkboxen
- * @param selected Array mit den Keys, die ausgewählt sind
+ *
+ * @param
+ * name Die Namen der Checkboxen werden aus name_key gebildet
+ * @param
+ * label Die Beschriftung der Liste
+ * @param
+ * items Array mit den einzelnen Checkboxen
+ * @param
+ * selected Array mit den Keys, die ausgewählt sind
*/
function form_checkboxes($name, $label, $items, $selected) {
$html = "<ul>";
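Review bot: toolbar_item_link() concatenates `$href`, `$class` and `$label` into the markup without escaping, and header_toolbar() in sys_menu.php passes `$user['Nick']` as the label. A nick containing markup would therefore be rendered as HTML in the toolbar unless it is filtered when stored, which this diff does not show. img_button() in this same file already wraps its link and icon in htmlspecialchars(); doing the same here makes the helper safe regardless of caller: `return '<a href="' . htmlspecialchars($href) . '" class="' . ($selected ? 'selected ' : '') . htmlspecialchars($class) . '">' . htmlspecialchars($label) . '</a>';`. form_checkboxes() at the end of this hunk continues outside it.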
@@ -38,11 +55,17 @@ function form_checkboxes($name, $label, $items, $selected) {
/**
* Rendert eine Tabelle von Checkboxen für ein Formular
- * @param names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
- * @param label Die Beschriftung der gesamten Tabelle
- * @param items Array mit den Beschriftungen der Zeilen
- * @param selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
- * @param disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
+ *
+ * @param
+ * names Assoziatives Array mit Namen der Checkboxen als Keys und Überschriften als Values
+ * @param
+ * label Die Beschriftung der gesamten Tabelle
+ * @param
+ * items Array mit den Beschriftungen der Zeilen
+ * @param
+ * selected Mehrdimensionales Array, wobei $selected[foo] ein Array der in der Datenreihe foo markierten Checkboxen ist
+ * @param
+ * disabled Wie selected, nur dass die entsprechenden Checkboxen deaktiviert statt markiert sind
*/
function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) {
$html = "<table><thead><tr>";
@@ -54,7 +77,7 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = ar
foreach ($names as $name => $title) {
$id = $name . '_' . $key;
$sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : "";
- if (!empty($disabled) && !empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
+ if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false)
$sel .= ' disabled="disabled"';
$html .= '<td style="text-align: center;"><input type="checkbox" id="' . $id . '" name="' . $name . '[]" value="' . $key . '"' . $sel . ' /></td>';
}
@@ -131,7 +154,8 @@ function form($elements, $action = "") {
}
/**
- * Generiert HTML Code für eine "Seite". Fügt dazu die übergebenen Elemente zusammen.
+ * Generiert HTML Code für eine "Seite".
+ * Fügt dazu die übergebenen Elemente zusammen.
*/
function page($elements) {
return join($elements);
@@ -153,10 +177,10 @@ function table($columns, $rows, $data = true) {
foreach ($rows as $row) {
$html .= '<tr>';
foreach ($columns as $key => $column)
- if (isset ($row[$key]))
- $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
- else
- $html .= '<td class="' . $key . '">&nbsp;</td>';
+ if (isset($row[$key]))
+ $html .= '<td class="' . $key . '">' . $row[$key] . '</td>';
+ else
+ $html .= '<td class="' . $key . '">&nbsp;</td>';
$html .= '</tr>';
}
$html .= '</tbody>';
@@ -184,8 +208,8 @@ function template_render($file, $data) {
$template = file_get_contents($file);
if (is_array($data))
foreach ($data as $name => $content) {
- $template = str_replace("%" . $name . "%", $content, $template);
- }
+ $template = str_replace("%" . $name . "%", $content, $template);
+ }
return $template;
} else {
die('Cannot find template file &laquo;' . $file . '&raquo;.');
@@ -235,11 +259,10 @@ function html_select_key($id, $name, $rows, $selected) {
}
function img_button($link, $icon, $text, $extra_text = '') {
- $translation = empty($text)? '' : Get_Text($text);
- return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation)? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text)? '' : ' ' . $extra_text) . '</a>';
+ $translation = empty($text) ? '' : Get_Text($text);
+ return '<a href="' . htmlspecialchars($link) . '"><img src="pic/icons/' . htmlspecialchars($icon) . '.png" alt="' . $translation . '" ' . (empty($translation) ? '' : 'title="' . $translation . '"') . '>' . (empty($extra_text) ? '' : ' ' . $extra_text) . '</a>';
}
-
function ReplaceSmilies($neueckig) {
$neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);
$neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig);