diff options
-rw-r--r-- | includes/model/LogEntries_model.php | 7 | ||||
-rw-r--r-- | includes/pages/admin_log.php | 86 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 48 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 7 | ||||
-rw-r--r-- | includes/pages/user_myshifts.php | 172 | ||||
-rw-r--r-- | includes/pages/user_news.php | 2 | ||||
-rw-r--r-- | includes/pages/user_settings.php | 400 | ||||
-rw-r--r-- | includes/pages/user_shifts.php | 26 | ||||
-rw-r--r-- | includes/sys_user.php | 175 | ||||
-rw-r--r-- | public/index.php | 3 | ||||
-rw-r--r-- | templates/user_questions.html | 2 |
11 files changed, 456 insertions, 472 deletions
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php index d8615f0e..5659c0ee 100644 --- a/includes/model/LogEntries_model.php +++ b/includes/model/LogEntries_model.php @@ -6,10 +6,15 @@ * @param $message Log Message */ function LogEntry_create($nick, $message) { - $timestamp = date(); + $timestamp = time(); sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'"); } +function LogEntries() { + $log_entries_source = sql_select("SELECT * FROM `LogEntries` WHERE `timestamp` > " . (time() - 24*60*60) . " LIMIT 1000"); + return $log_entries_source; +} + ?>
\ No newline at end of file diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 4a29a496..ce30a246 100644 --- a/includes/pages/admin_log.php +++ b/includes/pages/admin_log.php @@ -1,76 +1,20 @@ <?php function admin_log() { - require_once ("includes/funktion_db_list.php"); - - $html = ""; - $SQL = "SELECT * FROM `ChangeLog` ORDER BY `Time` DESC LIMIT 0,10000"; - $Erg = sql_query($SQL); - - if (mysql_num_rows($Erg) > 0) { - $html .= "<table border=1>\n"; - $html .= "<tr>\n\t<th>Time</th>\n\t<th>User</th>\n\t<th>Commend</th>\n\t<th>SQL Command</th>\n</tr>\n"; - for ($n = 0; $n < mysql_num_rows($Erg); $n++) { - $html .= "<tr>\n"; - $html .= "\t<td>" . mysql_result($Erg, $n, "Time") . "</td>\n"; - $html .= "\t<td>" . UID2Nick(mysql_result($Erg, $n, "UID")) . displayavatar(mysql_result($Erg, $n, "UID")) . "</td>\n"; - $html .= "\t<td>" . mysql_result($Erg, $n, "Commend") . "</td>\n"; - $html .= "\t<td>" . mysql_result($Erg, $n, "SQLCommad") . "</td>\n"; - $html .= "</tr>\n"; - } - $html .= "</table>\n"; - } else { - $html .= "Log is empty..."; - } - $html .= "<hr />"; - - $html .= "<h1>Web Counter</h1>"; - $html .= funktion_db_list("Counter"); - - /* - $html .= "<h1>Raeume</h1> <br />"; - funktion_db_list("Raeume"); - - $html .= "<h1>Schichtbelegung</h1> <br />"; - funktion_db_list("Schichtbelegung"); - - $html .= "<h1>Schichtplan</h1> <br />Hier findest du alle bisher eingetragenen Schichten:"; - funktion_db_list("Schichtplan"); - - $html .= "<h1>User</h1> <br />"; - funktion_db_list("User"); - - $html .= "<h1>News</h1> <br />"; - funktion_db_list("News"); - - $html .= "<h1>FAQ</h1> <br />"; - funktion_db_list("FAQ"); - - $html .= "Deaktiviert"; - */ - - $html .= "<hr>\n"; - $html .= funktion_db_element_list_2row("Tshirt-Size aller engel", "SELECT `Size`, COUNT(`Size`) FROM `User` GROUP BY `Size`"); - $html .= "<br />\n"; - $html .= funktion_db_element_list_2row("Tshirt ausgegeben", "SELECT `Size`, COUNT(`Size`) FROM `User` WHERE `Tshirt`='1' GROUP BY `Size`"); - $html .= "<br />\n"; - $html .= funktion_db_element_list_2row("Tshirt nicht ausgegeben (Gekommen=1)", "SELECT COUNT(`Size`), `Size` FROM `User` WHERE `Gekommen`='1' and `Tshirt`='0' GROUP BY `Size`"); - - $html .= "<hr>\n"; - $html .= funktion_db_element_list_2row("Hometown", "SELECT COUNT(`Hometown`), `Hometown` FROM `User` GROUP BY `Hometown`"); - $html .= "<br />\n"; - $html .= funktion_db_element_list_2row("Engeltypen", "SELECT COUNT(`Art`), `Art` FROM `User` GROUP BY `Art`"); - - $html .= "<hr>\n"; - $html .= funktion_db_element_list_2row("Gesamte Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID)"); - $html .= "<br />\n"; - $html .= funktion_db_element_list_2row("Geleistete Arbeit", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0)"); - - $html .= "<hr>\n"; - $html .= funktion_db_element_list_2row("Gesamte Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (Shifts.RID!=7)"); - $html .= "<br />\n"; - $html .= funktion_db_element_list_2row("Geleistete Arbeit (Ohne Raum Aufbau (RID=7)", "SELECT COUNT(*) AS `Count [x]`, SUM(Shifts.Len) as `Sum [h]` from Shifts LEFT JOIN ShiftEntry USING(SID) WHERE (ShiftEntry.UID!=0) AND (Shifts.RID!=7)"); - - return $html; + $log_entries_source = LogEntries(); + $log_entries = array(); + foreach($log_entries_source as $log_entry) { + $log_entry['date'] = date("H:i", $log_entry['timestamp']); + $log_entries[] = $log_entry; + } + + return page(array( + msg(), + table(array( + 'date' => "Time", + 'nick' => "Angel", + 'message' => "Log Entry" + ), $log_entries) + )); } ?> diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a2ab7b07..8d900c1b 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -110,10 +110,13 @@ function admin_user() { // Assign angel-types sql_start_transaction(); sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID'])); + $user_angel_type_info = array(); if (!empty($selected_angel_types)) { $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES "; - foreach ($selected_angel_types as $selected_angel_type_id) - $SQL .= "(${user_source['UID']}, ${selected_angel_type_id}),"; + foreach ($selected_angel_types as $selected_angel_type_id) { + $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),"; + $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : ''); + } // remove superfluous comma $SQL = substr($SQL, 0, -1); sql_query($SQL); @@ -125,16 +128,7 @@ function admin_user() { } sql_stop_transaction(); - foreach ($selected_angel_types as $selected_angel_type_id) { - if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) { - if (in_array("admin_user_angeltypes", $privileges)) { - sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - } else { - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - } - } - } - + engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info)); success("Angeltypes saved."); redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']); } @@ -142,10 +136,10 @@ function admin_user() { $html .= form(array ( msg(), form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'), - "Angeltypes", - $angel_types, - array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)), - array('accepted_angel_types' => $nonrestricted_angel_types)), + "Angeltypes", + $angel_types, + array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)), + array('accepted_angel_types' => $nonrestricted_angel_types)), form_submit('submit_user_angeltypes', Get_Text("Save")) )); @@ -202,19 +196,26 @@ function admin_user() { $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`"); if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) { - $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`"); + $groups = array(); $grouplist = array (); - foreach ($groups as $group) + foreach ($groups_source as $group) { + $groups[$group['UID']] = $group; $grouplist[] = $group['UID']; + } if (!is_array($_REQUEST['groups'])) $_REQUEST['groups'] = array (); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); - foreach ($_REQUEST['groups'] as $group) - if (in_array($group, $grouplist)) - sql_query("INSERT INTO `UserGroups` SET `uid`=" . - sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info = array(); + foreach ($_REQUEST['groups'] as $group) { + if (in_array($group, $grouplist)) { + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group)); + $user_groups_info[] = $groups[$group]['Name']; + } + } + engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info)); $html .= success("Benutzergruppen gespeichert.", true); } else { $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true); @@ -229,6 +230,7 @@ function admin_user() { sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id)); sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id)); + engelsystem_log("Deleted user " . $user_source['Nick']); $html .= success("Benutzer gelöscht!", true); } else { $html .= error("Du kannst Dich nicht selber löschen!", true); @@ -254,12 +256,14 @@ function admin_user() { "WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1;"; sql_query($SQL); + engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]); $html .= success("Änderung wurde gespeichert...\n", true); break; case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { set_password($id, $_REQUEST['new_pw']); + engelsystem_log("Set new password for " . $user_source['Nick']); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index db479388..073e2625 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -116,9 +116,12 @@ function guest_register() { set_password($user_id, $_REQUEST['password']); // Assign angel-types - foreach ($selected_angel_types as $selected_angel_type_id) + $user_angel_types_info = array(); + foreach ($selected_angel_types as $selected_angel_type_id) { sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_id) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - + $user_angel_types_info[] = $angel_types[$selected_angel_type_id]['name']; + } + engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info)); success(Get_Text("makeuser_writeOK4")); //if (!isset ($_SESSION['uid'])) redirect(page_link_to('login')); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 2d1981fa..d8f94b81 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -3,100 +3,98 @@ // Zeigt die Schichten an, die ein Benutzer belegt function user_myshifts() { - global $LETZTES_AUSTRAGEN; - global $user, $privileges; - $msg = ""; + global $LETZTES_AUSTRAGEN; + global $user, $privileges; + $msg = ""; - if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { - $id = $_REQUEST['id']; - } else { - $id = $user['UID']; - } + if (isset ($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) { + $id = $_REQUEST['id']; + } else { + $id = $user['UID']; + } - list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + list ($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); - if ($id != $user['UID']) - $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); + if ($id != $user['UID']) + $msg .= info(sprintf("You are viewing %s's shifts.", $shifts_user['Nick']), true); - if (isset ($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == "ack") { - user_reset_ical_key($user); - success("Key geändert."); - redirect(page_link_to('user_myshifts')); - } - return template_render('../templates/user_myshifts_reset.html', array ()); - } - elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { - $id = $_REQUEST['edit']; - $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; + if (isset ($_REQUEST['reset'])) { + if ($_REQUEST['reset'] == "ack") { + user_reset_ical_key($user); + success("Key geändert."); + redirect(page_link_to('user_myshifts')); + } + return template_render('../templates/user_myshifts_reset.html', array ()); + } + elseif (isset ($_REQUEST['edit']) && preg_match("/^[0-9]*$/", $_REQUEST['edit'])) { + $id = $_REQUEST['edit']; + $shift = sql_select("SELECT `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; - if (isset ($_REQUEST['submit'])) { - $comment = strip_request_item_nl('comment'); - sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (isset ($_REQUEST['submit'])) { + $comment = strip_request_item_nl('comment'); + $user_source = User($shift['UID']); + sql_query("UPDATE `ShiftEntry` SET `Comment`='" . sql_escape($comment) . "' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + engelsystem_log("Updated " . $user_source['Nick'] . "'s shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end']) . " with comment " . $comment); + success("Schicht gespeichert."); + redirect(page_link_to('user_myshifts')); + } - success("Schicht gespeichert."); - redirect(page_link_to('user_myshifts')); - } + return template_render('../templates/user_shifts_add.html', array ( + 'angel' => $shifts_user['Nick'], + 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), + 'location' => $shift['Name'], + 'title' => $shift['name'], + 'type' => $shift['angel_type'], + 'comment' => $shift['Comment'] + )); + } else + redirect(page_link_to('user_myshifts')); + } + elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { + $id = $_REQUEST['cancel']; + $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); + if (count($shift) > 0) { + $shift = $shift[0]; + if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + $msg .= success(Get_Text("pub_myshifts_signed_off"), true); + } else + $msg .= error(Get_Text("pub_myshifts_too_late"), true); + } else + redirect(page_link_to('user_myshifts')); + } + $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); - return template_render('../templates/user_shifts_add.html', array ( - 'angel' => $shifts_user['Nick'], - 'date' => date("Y-m-d H:i", $shift['start']) . ', ' . shift_length($shift), - 'location' => $shift['Name'], - 'title' => $shift['name'], - 'type' => $shift['angel_type'], - 'comment' => $shift['Comment'] - )); - } else - redirect(page_link_to('user_myshifts')); - } - elseif (isset ($_REQUEST['cancel']) && preg_match("/^[0-9]*$/", $_REQUEST['cancel'])) { - $id = $_REQUEST['cancel']; - $shift = sql_select("SELECT * FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1"); - if (count($shift) > 0) { - $shift = $shift[0]; - if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) { - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg .= success(Get_Text("pub_myshifts_signed_off"), true); - } else - $msg .= error(Get_Text("pub_myshifts_too_late"), true); - } else - redirect(page_link_to('user_myshifts')); - } - $shifts = sql_select("SELECT * FROM `ShiftEntry` JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `UID`=" . sql_escape($shifts_user['UID']) . " ORDER BY `start`"); + $html = ""; + foreach ($shifts as $shift) { + if (time() > $shift['end']) + $html .= '<tr class="done">'; + else + $html .= '<tr>'; + $html .= '<td>' . date("Y-m-d", $shift['start']) . '</td>'; + $html .= '<td>' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '</td>'; + $html .= '<td>' . $shift['Name'] . '</td>'; + $html .= '<td>' . $shift['name'] . '</td>'; + $html .= '<td>' . $shift['Comment'] . '</td>'; + $html .= '<td>'; + $html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>'; + if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) + $html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>'; + $html .= '</td>'; + $html .= '</tr>'; + } + if ($html == "") + $html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>'; - $html = ""; - foreach ($shifts as $shift) { - if (time() > $shift['end']) - $html .= '<tr class="done">'; - else - $html .= '<tr>'; - $html .= '<td>' . date("Y-m-d", $shift['start']) . '</td>'; - $html .= '<td>' . date("H:i", $shift['start']) . ' - ' . date("H:i", $shift['end']) . '</td>'; - $html .= '<td>' . $shift['Name'] . '</td>'; - $html .= '<td>' . $shift['name'] . '</td>'; - $html .= '<td>' . $shift['Comment'] . '</td>'; - $html .= '<td>'; - $html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>'; - if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 3600) - $html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>'; - $html .= '</td>'; - $html .= '</tr>'; - } - if ($html == "") - $html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>'; - - if ($shifts_user['ical_key'] == "") - user_reset_ical_key($shifts_user); - - return msg().template_render('../templates/user_myshifts.html', array ( - 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), - 'shifts' => $html, - 'msg' => $msg, - 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), - page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], - page_link_to('user_myshifts') . '&reset'), -)); + return msg().template_render('../templates/user_myshifts.html', array ( + 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), + 'shifts' => $html, + 'msg' => $msg, + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), + page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], + page_link_to('user_myshifts') . '&reset'), + )); } ?> diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index fcf2437c..95cc345e 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -58,6 +58,7 @@ function user_news_comments() { if (isset ($_REQUEST["text"])) { $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')"); + engelsystem_log("Created news_comment: " . $text); $html .= success("Eintrag wurde gespeichert", true); } @@ -114,6 +115,7 @@ function user_news() { sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');"); + engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]); $html .= success(Get_Text(4), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 14dcf96f..70033d18 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -1,201 +1,207 @@ <?php function user_settings() { - global $enable_tshirt_size, $tshirt_sizes, $themes, $languages; - global $user; - - $msg = ""; - $nick = $user['Nick']; - $lastname = $user['Name']; - $prename = $user['Vorname']; - $age = $user['Alter']; - $tel = $user['Telefon']; - $dect = $user['DECT']; - $mobile = $user['Handy']; - $mail = $user['email']; - $icq = $user['ICQ']; - $jabber = $user['jabber']; - $hometown = $user['Hometown']; - $tshirt_size = $user['Size']; - $password_hash = ""; - $selected_theme = $user['color']; - $selected_language = $user['Sprache']; - - $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); - $selected_angel_types = array (); - foreach ($selected_angel_types_source as $selected_angel_type) - $selected_angel_types[] = $selected_angel_type['angeltype_id']; - - $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); - $angel_types = array (); - foreach ($angel_types_source as $angel_type) - $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); - - if (isset ($_REQUEST['submit'])) { - $ok = true; - - if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { - $nick = strip_request_item('nick'); - if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); - } - } else { - $ok = false; - $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); - } - - if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { - $mail = strip_request_item('mail'); - if (!check_email($mail)) { - $ok = false; - $msg .= error(Get_Text("makeuser_error_mail"), true); - } - } else { - $ok = false; - $msg .= error("Please enter your e-mail.", true); - } - - if (isset ($_REQUEST['icq'])) - $icq = strip_request_item('icq'); - if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { - $jabber = strip_request_item('jabber'); - if (!check_email($jabber)) { - $ok = false; - $msg .= error("Please check your jabber.", true); - } - } - - if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) - $tshirt_size = $_REQUEST['tshirt_size']; - else { - $ok = false; - } - - $selected_angel_types = array (); - foreach ($angel_types as $angel_type_id => $angel_type_name) - if (isset ($_REQUEST['angel_types_' . $angel_type_id])) - $selected_angel_types[] = $angel_type_id; - - // Trivia - if (isset ($_REQUEST['lastname'])) - $lastname = strip_request_item('lastname'); - if (isset ($_REQUEST['prename'])) - $prename = strip_request_item('prename'); - if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) - $age = strip_request_item('age'); - if (isset ($_REQUEST['tel'])) - $tel = strip_request_item('tel'); - if (isset ($_REQUEST['dect'])) - $dect = strip_request_item('dect'); - if (isset ($_REQUEST['mobile'])) - $mobile = strip_request_item('mobile'); - if (isset ($_REQUEST['hometown'])) - $hometown = strip_request_item('hometown'); - - if ($ok) { - sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . - "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . - "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . - "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - // Assign angel-types - foreach ($angel_types_source as $angel_type) - if (!in_array($angel_type['id'], $selected_angel_types)) - sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); - - foreach ($selected_angel_types as $selected_angel_type_id) - if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) - sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); - - success("Settings saved."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_password'])) { - $ok = true; - - if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) - $msg .= error(Get_Text(30), true); - elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) - $msg .= error(Get_Text("makeuser_error_password2")); - elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) - $msg .= error(Get_Text("makeuser_error_password1"), true); - elseif(set_password($user['UID'], $_REQUEST['new_password'])) - success("Password saved."); - else - error("Failed setting password."); - redirect(page_link_to('user_settings')); - } - elseif (isset ($_REQUEST['submit_theme'])) { - $ok = true; - - if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) - $selected_theme = $_REQUEST['theme']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); - - success("Theme changed."); - redirect(page_link_to('user_settings')); - } - } - elseif (isset ($_REQUEST['submit_language'])) { - $ok = true; - - if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) - $selected_language = $_REQUEST['language']; - else - $ok = false; - - if ($ok) { - sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); - $_SESSION['Sprache'] = $selected_language; - - success("Language changed."); - redirect(page_link_to('user_settings')); - } - } - - return page(array ( - sprintf(Get_Text("Hallo") . "%s,<br />" . Get_Text(13), $user['Nick']), - $msg, - msg(), - form(array ( - form_info("", Get_Text("pub_einstellungen_Text_UserData")), - form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), - form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), - form_text('prename', Get_Text("makeuser_Vorname"), $prename), - form_text('age', Get_Text("makeuser_Alter"), $age), - form_text('tel', Get_Text("makeuser_Telefon"), $tel), - form_text('dect', Get_Text("makeuser_DECT"), $dect), - form_text('mobile', Get_Text("makeuser_Handy"), $mobile), - form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), - form_text('icq', "ICQ", $icq), - form_text('jabber', "Jabber", $jabber), - form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), - $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', - form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), - form_submit('submit', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(14)), - form_password('password', Get_Text(15)), - form_password('new_password', Get_Text(16)), - form_password('new_password2', Get_Text(17)), - form_submit('submit_password', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(18)), - form_select('theme', Get_Text(19), $themes, $selected_theme), - form_submit('submit_theme', Get_Text("save")) - )), - form(array ( - form_info("", Get_Text(20)), - form_select('language', Get_Text(21), $languages, $selected_language), - form_submit('submit_language', Get_Text("save")) - )) - )); + global $enable_tshirt_size, $tshirt_sizes, $themes, $languages; + global $user; + + $msg = ""; + $nick = $user['Nick']; + $lastname = $user['Name']; + $prename = $user['Vorname']; + $age = $user['Alter']; + $tel = $user['Telefon']; + $dect = $user['DECT']; + $mobile = $user['Handy']; + $mail = $user['email']; + $icq = $user['ICQ']; + $jabber = $user['jabber']; + $hometown = $user['Hometown']; + $tshirt_size = $user['Size']; + $password_hash = ""; + $selected_theme = $user['color']; + $selected_language = $user['Sprache']; + + $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID'])); + $selected_angel_types = array (); + foreach ($selected_angel_types_source as $selected_angel_type) + $selected_angel_types[] = $selected_angel_type['angeltype_id']; + + $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array (); + foreach ($angel_types_source as $angel_type) + $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : ""); + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { + $nick = strip_request_item('nick'); + if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); + } + } else { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); + } + + if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $ok = false; + $msg .= error(Get_Text("makeuser_error_mail"), true); + } + } else { + $ok = false; + $msg .= error("Please enter your e-mail.", true); + } + + if (isset ($_REQUEST['icq'])) + $icq = strip_request_item('icq'); + if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $ok = false; + $msg .= error("Please check your jabber.", true); + } + } + + if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) + $tshirt_size = $_REQUEST['tshirt_size']; + else { + $ok = false; + } + + $selected_angel_types = array (); + foreach ($angel_types as $angel_type_id => $angel_type_name) + if (isset ($_REQUEST['angel_types_' . $angel_type_id])) + $selected_angel_types[] = $angel_type_id; + + // Trivia + if (isset ($_REQUEST['lastname'])) + $lastname = strip_request_item('lastname'); + if (isset ($_REQUEST['prename'])) + $prename = strip_request_item('prename'); + if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) + $age = strip_request_item('age'); + if (isset ($_REQUEST['tel'])) + $tel = strip_request_item('tel'); + if (isset ($_REQUEST['dect'])) + $dect = strip_request_item('dect'); + if (isset ($_REQUEST['mobile'])) + $mobile = strip_request_item('mobile'); + if (isset ($_REQUEST['hometown'])) + $hometown = strip_request_item('hometown'); + + if ($ok) { + sql_query("UPDATE `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . + "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . + "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . + "', `Hometown`='" . sql_escape($hometown) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + // Assign angel-types + $user_angel_type_info = array(); + foreach ($angel_types_source as $angel_type) { + if (!in_array($angel_type['id'], $selected_angel_types)) + sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1"); + else + $user_angel_type_info[] = $angel_type['name']; + } + + foreach ($selected_angel_types as $selected_angel_type_id) { + if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) + sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id)); + } + + engelsystem_log("Own angel types set to: " . join(", ", $user_angel_type_info)); + success("Settings saved."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_password'])) { + $ok = true; + + if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) + $msg .= error(Get_Text(30), true); + elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) + $msg .= error(Get_Text("makeuser_error_password2")); + elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) + $msg .= error(Get_Text("makeuser_error_password1"), true); + elseif(set_password($user['UID'], $_REQUEST['new_password'])) + success("Password saved."); + else + error("Failed setting password."); + redirect(page_link_to('user_settings')); + } + elseif (isset ($_REQUEST['submit_theme'])) { + $ok = true; + + if (isset ($_REQUEST['theme']) && isset ($themes[$_REQUEST['theme']])) + $selected_theme = $_REQUEST['theme']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID'])); + + success("Theme changed."); + redirect(page_link_to('user_settings')); + } + } + elseif (isset ($_REQUEST['submit_language'])) { + $ok = true; + + if (isset ($_REQUEST['language']) && isset ($languages[$_REQUEST['language']])) + $selected_language = $_REQUEST['language']; + else + $ok = false; + + if ($ok) { + sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID'])); + $_SESSION['Sprache'] = $selected_language; + + success("Language changed."); + redirect(page_link_to('user_settings')); + } + } + + return page(array ( + sprintf(Get_Text("Hallo") . "%s,<br />" . Get_Text(13), $user['Nick']), + $msg, + msg(), + form(array ( + form_info("", Get_Text("pub_einstellungen_Text_UserData")), + form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick), + form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), + form_text('prename', Get_Text("makeuser_Vorname"), $prename), + form_text('age', Get_Text("makeuser_Alter"), $age), + form_text('tel', Get_Text("makeuser_Telefon"), $tel), + form_text('dect', Get_Text("makeuser_DECT"), $dect), + form_text('mobile', Get_Text("makeuser_Handy"), $mobile), + form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), + form_text('icq', "ICQ", $icq), + form_text('jabber', "Jabber", $jabber), + form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), + $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', + form_checkboxes('angel_types', "What do you want to do?", $angel_types, $selected_angel_types), + form_submit('submit', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(14)), + form_password('password', Get_Text(15)), + form_password('new_password', Get_Text(16)), + form_password('new_password2', Get_Text(17)), + form_submit('submit_password', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(18)), + form_select('theme', Get_Text(19), $themes, $selected_theme), + form_submit('submit_theme', Get_Text("save")) + )), + form(array ( + form_info("", Get_Text(20)), + form_select('language', Get_Text(21), $languages, $selected_language), + form_submit('submit_language', Get_Text("save")) + )) + )); } ?> diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 073c0d36..c239ca71 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -9,8 +9,15 @@ function user_shifts() { else redirect(page_link_to('user_shifts')); - sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); - success("Der Schicht-Eintrag wurde gelöscht."); + $shift_entry_source = sql_select("SELECT `User`.`Nick`, `ShiftEntry`.`Comment`, `ShiftEntry`.`UID`, `Shifts`.*, `Room`.`Name`, `AngelTypes`.`name` as `angel_type` FROM `ShiftEntry` JOIN `User` ON (`User`.`UID`=`ShiftEntry`.`UID`) JOIN `AngelTypes` ON (`ShiftEntry`.`TID` = `AngelTypes`.`id`) JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`) JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`) WHERE `ShiftEntry`.`id`=" . sql_escape($entry_id) . " LIMIT 1"); + if(count($shift_entry_source) > 0) { + $shift_entry_source = $shift_entry_source[0]; + sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($entry_id) . " LIMIT 1"); + + engelsystem_log("Deleted " . $shift_entry_source['Nick'] . "'s shift: " . $shift_entry_source['name'] . " at " . $shift_entry_source['Name'] . " from " . date("y-m-d H:i", $shift_entry_source['start']) . " to " . date("y-m-d H:i", $shift_entry_source['end']) . " as " . $shift_entry_source['angel_type']); + success("Der Schicht-Eintrag wurde gelöscht."); + } + else error("Entry not found."); redirect(page_link_to('user_shifts')); } // Schicht bearbeiten @@ -43,9 +50,12 @@ function user_shifts() { // Engeltypen laden $types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`"); + $angel_types = array(); $needed_angel_types = array (); - foreach ($types as $type) + foreach ($types as $type) { + $angel_types[$type['id']] = $type; $needed_angel_types[$type['id']] = 0; + } // Benötigte Engeltypen vom Raum $needed_angel_types_source = sql_select("SELECT `AngelTypes`.*, `NeededAngelTypes`.`count` FROM `AngelTypes` LEFT JOIN `NeededAngelTypes` ON (`NeededAngelTypes`.`angel_type_id` = `AngelTypes`.`id` AND `NeededAngelTypes`.`room_id`=" . sql_escape($shift['RID']) . ") ORDER BY `AngelTypes`.`name`");
@@ -110,8 +120,13 @@ function user_shifts() { if ($ok) { sql_query("UPDATE `Shifts` SET `start`=" . sql_escape($start) . ", `end`=" . sql_escape($end) . ", `RID`=" . sql_escape($rid) . ", `name`='" . sql_escape($name) . "' WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); - foreach ($needed_angel_types as $type_id => $count) + $needed_angel_types_info = array(); + foreach ($needed_angel_types as $type_id => $count) { sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + $needed_angel_types_info[] = $angel_types[$type_id]; + } + + engelsystem_log("Updated shift " . $name . " from " . date("y-m-d H:i", $start) . " to " . date("y-m-d H:i", $end) . " with angel types " . join(", ", $needed_angel_types_info)); success("Schicht gespeichert."); redirect(page_link_to('user_shifts')); } @@ -155,6 +170,7 @@ function user_shifts() { sql_query("DELETE FROM `NeededAngelTypes` WHERE `shift_id`=" . sql_escape($shift_id)); sql_query("DELETE FROM `Shifts` WHERE `SID`=" . sql_escape($shift_id) . " LIMIT 1"); + engelsystem_log("Deleted shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Die Schicht wurde gelöscht."); redirect(page_link_to('user_shifts')); } @@ -222,6 +238,8 @@ function user_shifts() { if (sql_num_query("SELECT * FROM `UserAngelTypes` INNER JOIN `AngelTypes` ON `AngelTypes`.`id` = `UserAngelTypes`.`angeltype_id` WHERE `AngelTypes`.`restricted` = 0 AND `user_id` = '" . sql_escape($user_id) . "' AND `angeltype_id` = '" . sql_escape($selected_type_id) . "'") == 0) sql_query("INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ('" . sql_escape($user_id) . "', '" . sql_escape($selected_type_id) . "')"); + $user_source = User($user_id); + engelsystem_log("User " . $user_source['Nick'] . " signed up for shift " . $shift['name'] . " from " . date("y-m-d H:i", $shift['start']) . " to " . date("y-m-d H:i", $shift['end'])); success("Du bist eingetragen. Danke!" . ' <a href="' . page_link_to('user_myshifts') . '">Meine Schichten »</a>'); redirect(page_link_to('user_shifts')); } diff --git a/includes/sys_user.php b/includes/sys_user.php index 20d9eca0..88002706 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -6,125 +6,126 @@ */ $tshirt_sizes = array ( '' => "Please select...", - 'S' => "S", - 'M' => "M", - 'L' => "L", - 'XL' => "XL", - '2XL' => "2XL", - '3XL' => "3XL", - '4XL' => "4XL", - '5XL' => "5XL", - 'S-G' => "S Girl", - 'M-G' => "M Girl", - 'L-G' => "L Girl", - 'XL-G' => "XL Girl" + 'S' => "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" ); function user_reset_ical_key($user) { - $user['ical_key'] = md5($user['Nick'] . time() . rand()); - sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + $user['ical_key'] = md5($user['Nick'] . time() . rand()); + sql_query("UPDATE `User` SET `ical_key`='" . sql_escape($user['ical_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); + engelsystem_log("iCal key resetted."); } function UID2Nick($UID) { - if ($UID > 0) - $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - else - $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; - - $Erg = sql_select($SQL); - - if (count($Erg) > 0) { - if ($UID > 0) - return $Erg[0]['Nick']; - else - return "Group-" . $Erg[0]['Name']; - } else { - if ($UID == -1) - return "Guest"; - else - return "UserID $UID not found"; - } + if ($UID > 0) + $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + else + $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'"; + + $Erg = sql_select($SQL); + + if (count($Erg) > 0) { + if ($UID > 0) + return $Erg[0]['Nick']; + else + return "Group-" . $Erg[0]['Name']; + } else { + if ($UID == -1) + return "Guest"; + else + return "UserID $UID not found"; + } } function TID2Type($TID) { - global $con; + global $con; - $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return ""; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return ""; } function ReplaceSmilies($neueckig) { - $neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); - $neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); - $neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig); - $neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig); - $neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig); - $neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); - $neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); - $neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); - $neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig); - $neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); - $neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); - $neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); - $neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig); - $neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig); - $neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); - $neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); - $neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); - $neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig); - $neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig); - $neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig); - - return $neueckig; + $neueckig = str_replace(";o))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); + $neueckig = str_replace(":-))", "<img src=\"pic/smiles/icon_redface.gif\">", $neueckig); + $neueckig = str_replace(";o)", "<img src=\"pic/smiles/icon_wind.gif\">", $neueckig); + $neueckig = str_replace(":)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig); + $neueckig = str_replace(":-)", "<img src=\"pic/smiles/icon_smile.gif\">", $neueckig); + $neueckig = str_replace(":(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); + $neueckig = str_replace(":-(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); + $neueckig = str_replace(":o(", "<img src=\"pic/smiles/icon_sad.gif\">", $neueckig); + $neueckig = str_replace(":o)", "<img src=\"pic/smiles/icon_lol.gif\">", $neueckig); + $neueckig = str_replace(";o(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); + $neueckig = str_replace(";(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); + $neueckig = str_replace(";-(", "<img src=\"pic/smiles/icon_cry.gif\">", $neueckig); + $neueckig = str_replace("8)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig); + $neueckig = str_replace("8o)", "<img src=\"pic/smiles/icon_rolleyes.gif\">", $neueckig); + $neueckig = str_replace(":P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); + $neueckig = str_replace(":-P", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); + $neueckig = str_replace(":oP", "<img src=\"pic/smiles/icon_evil.gif\">", $neueckig); + $neueckig = str_replace(";P", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig); + $neueckig = str_replace(";oP", "<img src=\"pic/smiles/icon_mad.gif\">", $neueckig); + $neueckig = str_replace("?)", "<img src=\"pic/smiles/icon_question.gif\">", $neueckig); + + return $neueckig; } function GetPictureShow($UID) { - global $con; + global $con; - $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; - $res = mysql_query($SQL, $con); + $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'"; + $res = mysql_query($SQL, $con); - if (mysql_num_rows($res) == 1) - return mysql_result($res, 0, 0); - else - return ""; + if (mysql_num_rows($res) == 1) + return mysql_result($res, 0, 0); + else + return ""; } function displayPicture($UID, $height = "30") { - global $url, $ENGEL_ROOT; + global $url, $ENGEL_ROOT; - if ($height > 0) - return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>"); - else - return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>"); + if ($height > 0) + return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>"); + else + return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>"); } function displayavatar($UID, $height = "30") { - global $con, $url, $ENGEL_ROOT; + global $con, $url, $ENGEL_ROOT; - if (GetPictureShow($UID) == 'Y') - return " " . displayPicture($UID, $height); + if (GetPictureShow($UID) == 'Y') + return " " . displayPicture($UID, $height); - $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); - if (count($user) > 0) - if ($user[0]['Avatar'] > 0) - return '<div class="avatar">' . (" <img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>'; + $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($UID) . " LIMIT 1"); + if (count($user) > 0) + if ($user[0]['Avatar'] > 0) + return '<div class="avatar">' . (" <img src=\"pic/avatar/avatar" . $user[0]['Avatar'] . ".gif\">") . '</div>'; } function UIDgekommen($UID) { - global $con; + global $con; - $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; - $Erg = mysql_query($SQL, $con); + $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'"; + $Erg = mysql_query($SQL, $con); - if (mysql_num_rows($Erg)) - return mysql_result($Erg, 0); - else - return "0"; + if (mysql_num_rows($Erg)) + return mysql_result($Erg, 0); + else + return "0"; } ?> diff --git a/public/index.php b/public/index.php index bd7e552d..a7efbd86 100644 --- a/public/index.php +++ b/public/index.php @@ -11,6 +11,9 @@ require_once ('includes/sys_shift.php'); require_once ('includes/sys_template.php'); require_once ('includes/sys_user.php'); +require_once ('includes/model/LogEntries_model.php'); +require_once ('includes/model/User_model.php'); + require_once ('config/config.php'); require_once ('config/config_db.php'); diff --git a/templates/user_questions.html b/templates/user_questions.html index 4cbe0338..0167ba6d 100644 --- a/templates/user_questions.html +++ b/templates/user_questions.html @@ -43,7 +43,7 @@ </table> <hr/> <p> - Frage einen Orga: + Frage einen Erzengel: </p> <form action="%link%&action=ask" method="post"> <table> |