-rw-r--r--db/update.d/20_LogEntriesTable.php19
-rw-r--r--includes/model/LogEntries_model.php15
-rw-r--r--includes/model/User_model.php14
-rw-r--r--includes/pages/admin_active.php232
-rw-r--r--includes/pages/admin_angel_types.php8
-rw-r--r--includes/pages/admin_arrive.php100
-rw-r--r--includes/pages/admin_groups.php166
-rw-r--r--includes/pages/admin_import.php522
-rw-r--r--includes/pages/admin_news.php144
-rw-r--r--includes/pages/admin_questions.php138
-rw-r--r--includes/pages/admin_rooms.php19
-rw-r--r--includes/pages/admin_shifts.php9
-rw-r--r--includes/pages/admin_user_angeltypes.php20
-rw-r--r--includes/sys_log.php19
-rw-r--r--public/index.php1
15 files changed, 785 insertions, 641 deletions
diff --git a/db/update.d/20_LogEntriesTable.php b/db/update.d/20_LogEntriesTable.php
new file mode 100644
index 00000000..5ea82efc
--- /dev/null
+++ b/db/update.d/20_LogEntriesTable.php
@@ -0,0 +1,19 @@
+<?php
+
+if(sql_num_query("SHOW TABLES LIKE 'LogEntries'") == 0) {
+ sql_query("CREATE TABLE `LogEntries` (
+ `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+ `timestamp` INT NOT NULL ,
+ `nick` VARCHAR( 23 ) NOT NULL ,
+ `message` TEXT NOT NULL ,
+ INDEX ( `timestamp` )
+ ) ENGINE = InnoDB;");
+ $applied = true;
+}
+
+if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") == 0) {
+ sql_query("DROP TABLE `ChangeLog`");
+ $applied = true;
+}
+
+?> \ No newline at end of file
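Review bot: The second guard in this migration is inverted: the `DROP TABLE` for `ChangeLog` runs only when `SHOW TABLES LIKE 'ChangeLog'` returns zero rows, that is, when the table does not exist. As written the old table is never removed where it is present, and the DROP is attempted against a missing table where it is absent. The condition should be `if(sql_num_query("SHOW TABLES LIKE 'ChangeLog'") > 0) {`. How `sql_query` reacts to the failing DROP is not visible here, so whether this aborts the update run or only sets `$applied` spuriously is unclear.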
diff --git a/includes/model/LogEntries_model.php b/includes/model/LogEntries_model.php
new file mode 100644
index 00000000..d8615f0e
--- /dev/null
+++ b/includes/model/LogEntries_model.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Creates a log entry.
+ * @param $nick Username
+ * @param $message Log Message
+ */
+function LogEntry_create($nick, $message) {
+ $timestamp = date();
+
+ sql_query("INSERT INTO `LogEntries` SET `timestamp`=" . sql_escape($timestamp) . ", `nick`='" . sql_escape($nick) . "', `message`='" . sql_escape($message) . "'");
+}
+
+
+?> \ No newline at end of file
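Review bot: `date()` is called without a format argument in `LogEntry_create`, so `$timestamp` never holds a Unix time: older PHP versions warn and return false, and PHP 8 throws. The value is then concatenated unquoted into the INSERT for the INT `timestamp` column, which most likely produces an invalid statement or a zero timestamp. Use `$timestamp = time();`. Entries that cannot be ordered or correlated by time defeat the purpose of the log table this commit introduces.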
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
new file mode 100644
index 00000000..c2d2282e
--- /dev/null
+++ b/includes/model/User_model.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * Returns user by id.
+ * @param $id UID
+ */
+function User($id) {
+ $user_source = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if(count($user_source) > 0)
+ return $user_source[0];
+ return null;
+}
+
+?> \ No newline at end of file
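Review bot: `User()` places `sql_escape($id)` into the WHERE clause without quotes, so the escaping does not restrict the value to a number and the query is only safe when every caller has already validated `$id` as digits. The callers added in this commit do run a `preg_match` first, but a model helper will be reused elsewhere; add `$id = (int) $id;` as the first line of the function so the guarantee lives in one place. `sql_escape` itself is not shown on this page, so this assumes it performs string escaping only. The docblock would also benefit from `@return array|null` to document the not-found case that the new callers test for.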
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index 55384345..0dabe568 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -1,120 +1,144 @@
<?php
function admin_active() {
- global $tshirt_sizes;
-
- $msg = "";
- $search = "";
- $count = 0;
- $limit = "";
- $set_active = "";
- if (isset ($_REQUEST['search']))
- $search = strip_request_item('search');
+ global $tshirt_sizes;
- if (isset ($_REQUEST['set_active'])) {
- $ok = true;
+ $msg = "";
+ $search = "";
+ $count = 0;
+ $limit = "";
+ $set_active = "";
+ if (isset ($_REQUEST['search']))
+ $search = strip_request_item('search');
- if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
- $count = strip_request_item('count');
- else {
- $ok = false;
- $msg .= error("Please enter a number of angels to be marked as active.", true);
- }
+ if (isset ($_REQUEST['set_active'])) {
+ $ok = true;
- if ($ok)
- $limit = " LIMIT " . $count;
- if (isset ($_REQUEST['ack'])) {
- sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
- $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
- foreach ($users as $usr)
- sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
+ if (isset ($_REQUEST['count']) && preg_match("/^[0-9]+$/", $_REQUEST['count']))
+ $count = strip_request_item('count');
+ else {
+ $ok = false;
+ $msg .= error("Please enter a number of angels to be marked as active.", true);
+ }
- $limit = "";
- $msg = success("Marked angels.", true);
- } else {
- $set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
- }
- }
+ if ($ok)
+ $limit = " LIMIT " . $count;
+ if (isset ($_REQUEST['ack'])) {
+ sql_query("UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0");
+ $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
+ $user_nicks = array();
+ foreach ($users as $usr) {
+ sql_query("UPDATE `User` SET `Aktiv` = 1 WHERE `UID`=" . sql_escape($usr['UID']));
+ $user_nicks[] = $usr['Nick'];
+ }
+ engelsystem_log("These angels are active now: " . join(", ", $user_nicks));
- if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
- $id = $_REQUEST['active'];
- sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as active.", true);
- }
- elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
- $id = $_REQUEST['not_active'];
- sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as not active.", true);
- }
- elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
- $id = $_REQUEST['tshirt'];
- sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got a t-shirt.", true);
- }
- elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
- $id = $_REQUEST['not_tshirt'];
- sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has got no t-shirt.", true);
- }
+ $limit = "";
+ $msg = success("Marked angels.", true);
+ } else {
+ $set_active = '<a href="' . page_link_to('admin_active') . '&amp;serach=' . $search . '">&laquo; back</a> | <a href="' . page_link_to('admin_active') . '&amp;search=' . $search . '&amp;count=' . $count . '&amp;set_active&amp;ack">apply</a>';
+ }
+ }
- $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
+ if (isset ($_REQUEST['active']) && preg_match("/^[0-9]+$/", $_REQUEST['active'])) {
+ $id = $_REQUEST['active'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Aktiv`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " is active now.");
+ $msg = success("Angel has been marked as active.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['not_active']) && preg_match("/^[0-9]+$/", $_REQUEST['not_active'])) {
+ $id = $_REQUEST['not_active'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Aktiv`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " is NOT active now.");
+ $msg = success("Angel has been marked as not active.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['tshirt'])) {
+ $id = $_REQUEST['tshirt'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Tshirt`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " has tshirt now.");
+ $msg = success("Angel has got a t-shirt.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['not_tshirt']) && preg_match("/^[0-9]+$/", $_REQUEST['not_tshirt'])) {
+ $id = $_REQUEST['not_tshirt'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Tshirt`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User " . $user_source['Nick'] . " NO tshirt.");
+ $msg = success("Angel has got no t-shirt.", true);
+ }
+ else $msg = error("Angel not found.", true);
+ }
- $table = "";
- if ($search == "")
- $tokens = array ();
- else
- $tokens = explode(" ", $search);
- foreach ($users as $usr) {
- if (count($tokens) > 0) {
- $match = false;
- $index = join("", $usr);
- foreach ($tokens as $t)
- if (strstr($index, trim($t))) {
- $match = true;
- break;
- }
- if (!$match)
- continue;
- }
- $table .= '<tr>';
- $table .= '<td>' . $usr['Nick'] . '</td>';
- $table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
- $table .= '<td>' . $usr['shift_count'] . '</td>';
+ $users = sql_select("SELECT `User`.*, COUNT(`ShiftEntry`.`id`) as `shift_count`, SUM(`end`-`start`) as `shift_length` FROM `User` LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID` LEFT JOIN `Shifts` ON `ShiftEntry`.`SID` = `Shifts`.`SID` WHERE `User`.`Gekommen` = 1 GROUP BY `User`.`UID` ORDER BY `shift_length` DESC" . $limit);
- if ($usr['shift_count'] == 0)
- $table .= '<td>-</td>';
- else
- $table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
+ $table = "";
+ if ($search == "")
+ $tokens = array ();
+ else
+ $tokens = explode(" ", $search);
+ foreach ($users as $usr) {
+ if (count($tokens) > 0) {
+ $match = false;
+ $index = join("", $usr);
+ foreach ($tokens as $t)
+ if (strstr($index, trim($t))) {
+ $match = true;
+ break;
+ }
+ if (!$match)
+ continue;
+ }
+ $table .= '<tr>';
+ $table .= '<td>' . $usr['Nick'] . '</td>';
+ $table .= '<td>' . $tshirt_sizes[$usr['Size']] . '</td>';
+ $table .= '<td>' . $usr['shift_count'] . '</td>';
- if ($usr['Aktiv'] == 1)
- $table .= '<td>yes</td>';
- else
- $table .= '<td></td>';
- if ($usr['Tshirt'] == 1)
- $table .= '<td>yes</td>';
- else
- $table .= '<td></td>';
+ if ($usr['shift_count'] == 0)
+ $table .= '<td>-</td>';
+ else
+ $table .= '<td>' . round($usr['shift_length'] / 60) . ' min (' . round($usr['shift_length'] / 3600) . ' h)</td>';
- $actions = array ();
- if ($usr['Aktiv'] == 0)
- $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>';
- if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
- $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>';
- $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>';
- }
- if ($usr['Tshirt'] == 1)
- $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>';
+ if ($usr['Aktiv'] == 1)
+ $table .= '<td>yes</td>';
+ else
+ $table .= '<td></td>';
+ if ($usr['Tshirt'] == 1)
+ $table .= '<td>yes</td>';
+ else
+ $table .= '<td></td>';
- $table .= '<td>' . join(' | ', $actions) . '</td>';
+ $actions = array ();
+ if ($usr['Aktiv'] == 0)
+ $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;active=' . $usr['UID'] . '&amp;search=' . $search . '">set active</a>';
+ if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) {
+ $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_active=' . $usr['UID'] . '&amp;search=' . $search . '">remove active</a>';
+ $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">got t-shirt</a>';
+ }
+ if ($usr['Tshirt'] == 1)
+ $actions[] = '<a href="' . page_link_to('admin_active') . '&amp;not_tshirt=' . $usr['UID'] . '&amp;search=' . $search . '">remove t-shirt</a>';
- $table .= '</tr>';
- }
- return template_render('../templates/admin_active.html', array (
- 'search' => $search,
- 'count' => $count,
- 'set_active' => $set_active,
- 'table' => $table,
- 'msg' => $msg,
- 'link' => page_link_to('admin_active')
- ));
+ $table .= '<td>' . join(' | ', $actions) . '</td>';
+
+ $table .= '</tr>';
+ }
+ return template_render('../templates/admin_active.html', array (
+ 'search' => $search,
+ 'count' => $count,
+ 'set_active' => $set_active,
+ 'table' => $table,
+ 'msg' => $msg,
+ 'link' => page_link_to('admin_active')
+ ));
}
?> \ No newline at end of file
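Review bot: The bulk branch `if (isset ($_REQUEST['ack'])) {` is not gated on `$ok`, so a request carrying `set_active` and `ack` with a missing or non-numeric `count` leaves `$limit` empty and the loop marks every arrived user as active. The new `engelsystem_log` call then records that whole list as if it were intended. Change the guard to `if ($ok && isset ($_REQUEST['ack'])) {`, and consider logging the requested `$count` alongside the nicks so the entry shows what was asked for. Separately, the "back" link in the `else` branch spells the parameter `serach`, so the search term is lost on that link.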
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php
index 90289d61..d5841d1c 100644
--- a/includes/pages/admin_angel_types.php
+++ b/includes/pages/admin_angel_types.php
@@ -47,10 +47,13 @@ function admin_angel_types() {
$restricted = 0;
if ($ok) {
- if (isset ($id))
+ if (isset ($id)) {
sql_query("UPDATE `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted) . " WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- else
+ engelsystem_log("Updated angeltype: " . $name . ", restricted: " . $restricted);
+ } else {
sql_query("INSERT INTO `AngelTypes` SET `name`='" . sql_escape($name) . "', `restricted`=" . sql_escape($restricted));
+ engelsystem_log("Created angeltype: " . $name . ", restricted: " . $restricted);
+ }
success("Angel type saved.");
redirect(page_link_to('admin_angel_types'));
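Review bot: The new log messages name the same object two ways: `Updated angeltype:` and `Created angeltype:` here, but `Deleted angel type:` in the next hunk of this file. Since `LogEntries.message` is free text, anyone filtering the log for angel-type changes has to know both spellings; pick one, e.g. `engelsystem_log("Deleted angeltype: " . $name);`. It would also help to include the `$id` in the update and delete messages, because names can be changed by the very action being logged.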
@@ -76,6 +79,7 @@ function admin_angel_types() {
sql_query("DELETE FROM `ShiftEntry` WHERE `TID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `AngelTypes` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `UserAngelTypes` WHERE `angeltype_id`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Deleted angel type: " . $name);
success(sprintf("Angel type %s deleted.", $name));
redirect(page_link_to('admin_angel_types'));
}
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index 2acad0b3..70a43394 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -1,52 +1,60 @@
<?php
function admin_arrive() {
- $msg = "";
- $search = "";
- if (isset ($_REQUEST['search']))
- $search = strip_request_item('search');
+ $msg = "";
+ $search = "";
+ if (isset ($_REQUEST['search']))
+ $search = strip_request_item('search');
- if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
- $id = $_REQUEST['reset'];
- sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Reset done. Angel has not arrived.", true);
- }
- elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
- $id = $_REQUEST['arrived'];
- sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- $msg = success("Angel has been marked as arrived.", true);
- }
+ if (isset ($_REQUEST['reset']) && preg_match("/^[0-9]*$/", $_REQUEST['reset'])) {
+ $id = $_REQUEST['reset'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User set to not arrived: " . $user_source['Nick']);
+ $msg = success("Reset done. Angel has not arrived.", true);
+ } else $msg = error("Angel not found.", true);
+ }
+ elseif (isset ($_REQUEST['arrived']) && preg_match("/^[0-9]*$/", $_REQUEST['arrived'])) {
+ $id = $_REQUEST['arrived'];
+ $user_source = User($id);
+ if($user_source != null) {
+ sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("User set has arrived: " . $user_source['Nick']);
+ $msg = success("Angel has been marked as arrived.", true);
+ } else $msg = error("Angel not found.", true);
+ }
- $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
- $table = "";
- if ($search == "")
- $tokens = array ();
- else
- $tokens = explode(" ", $search);
- foreach ($users as $usr) {
- if (count($tokens) > 0) {
- $match = false;
- $index = join("", $usr);
- foreach ($tokens as $t)
- if (strstr($index, trim($t))) {
- $match = true;
- break;
- }
- if (!$match)
- continue;
- }
- $table .= '<tr>';
- $table .= '<td>' . $usr['Nick'] . '</td>';
- if ($usr['Gekommen'] == 1)
- $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
- else
- $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
- $table .= '</tr>';
- }
- return template_render('../templates/admin_arrive.html', array (
- 'search' => $search,
- 'table' => $table,
- 'msg' => $msg,
- 'link' => page_link_to('admin_arrive')
- ));
+ $users = sql_select("SELECT * FROM `User` ORDER BY `Nick`");
+ $table = "";
+ if ($search == "")
+ $tokens = array ();
+ else
+ $tokens = explode(" ", $search);
+ foreach ($users as $usr) {
+ if (count($tokens) > 0) {
+ $match = false;
+ $index = join("", $usr);
+ foreach ($tokens as $t)
+ if (strstr($index, trim($t))) {
+ $match = true;
+ break;
+ }
+ if (!$match)
+ continue;
+ }
+ $table .= '<tr>';
+ $table .= '<td>' . $usr['Nick'] . '</td>';
+ if ($usr['Gekommen'] == 1)
+ $table .= '<td>yes</td><td><a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">reset</a></td>';
+ else
+ $table .= '<td></td><td><a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">arrived</a></td>';
+ $table .= '</tr>';
+ }
+ return template_render('../templates/admin_arrive.html', array (
+ 'search' => $search,
+ 'table' => $table,
+ 'msg' => $msg,
+ 'link' => page_link_to('admin_arrive')
+ ));
}
?> \ No newline at end of file
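Review bot: Both guards in `admin_arrive` use `/^[0-9]*$/`, which also matches an empty string, so `?reset=` or `?arrived=` with no value now reaches `User($id)` and builds a query ending in `WHERE UID= LIMIT 1`. Use `+` as `admin_active` does: `preg_match("/^[0-9]+$/", $_REQUEST['reset'])` and the same for `arrived`. The two log strings are also worded differently from each other (`User set to not arrived:` and `User set has arrived:`); a parallel form such as `User set to arrived:` makes the entries easier to search.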
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 2fc789fa..df472359 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,91 +1,99 @@
<?php
function admin_groups() {
- global $user;
+ global $user;
- $html = "";
- $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
- if (!isset ($_REQUEST["action"])) {
- $groups_html = "";
- foreach ($groups as $group) {
- $groups_html .= sprintf(
- '<tr><td>%s</td>',
- $group['Name']
- );
- $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
- $privileges_html = array ();
+ $html = "";
+ $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $groups_html = "";
+ foreach ($groups as $group) {
+ $groups_html .= sprintf(
+ '<tr><td>%s</td>',
+ $group['Name']
+ );
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
- foreach ($privileges as $priv)
- $privileges_html[] = $priv['name'];
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
- $groups_html .= sprintf(
- '<td>%s</td>'
- . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
- join(', ', $privileges_html),
- page_link_to("admin_groups"),
- $group['UID']
- );
- }
+ $groups_html .= sprintf(
+ '<td>%s</td>'
+ . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
+ }
- return template_render('../templates/admin_groups.html', array (
- 'nick' => $user['Nick'],
- 'groups' => $groups_html
- ));
- } else {
- switch ($_REQUEST["action"]) {
- case 'edit' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (count($room) > 0) {
- list ($room) = $room;
- $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
- $privileges_html = "";
- foreach ($privileges as $priv)
- $privileges_html .= sprintf(
- '<tr><td><input type="checkbox" '
- . 'name="privileges[]" value="%s" %s />'
- . '</td> <td>%s</td> <td>%s</td></tr>',
- $priv['id'],
- ($priv['group_id'] != ""
- ? 'checked="checked"'
- : ''),
- $priv['name'],
- $priv['desc']
- );
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" '
+ . 'name="privileges[]" value="%s" %s />'
+ . '</td> <td>%s</td> <td>%s</td></tr>',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
- $html .= template_render('../templates/admin_groups_edit_form.html', array (
- 'link' => page_link_to("admin_groups"),
- 'id' => $id,
- 'privileges' => $privileges_html
- ));
- } else
- return error("No Group found.", true);
- break;
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.", true);
+ break;
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (!is_array($_REQUEST['privileges']))
- $_REQUEST['privileges'] = array ();
- if (count($room) > 0) {
- list ($room) = $room;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
- foreach ($_REQUEST['privileges'] as $priv)
- if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
- header("Location: " . page_link_to("admin_groups"));
- } else
- return error("No Group found.", true);
- break;
- }
- }
- return $html;
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ $privilege_names = array();
+ foreach ($_REQUEST['privileges'] as $priv) {
+ if (preg_match("/^[0-9]{1,}$/", $priv)) {
+ $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
+ if(count($group_privileges_source) > 0) {
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ $privilege_names[] = $group_privileges_source[0]['name'];
+ }
+ }
+ }
+ engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.", true);
+ break;
+ }
+ }
+ return $html;
}
?>
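Review bot: The `save` case deletes the group's existing privileges before anything is recorded, so the new log entry shows only the resulting set and the previous one cannot be recovered from the log. For a privilege change, the before and after state is what a reviewer needs in order to spot an unexpected grant. Read the current privilege names before the DELETE and include them in the message, as sketched below. Whether the acting admin is recorded depends on `engelsystem_log` in `includes/sys_log.php`, which is not shown in this part of the page.

```php
// … unchanged: id check and group lookup …
$old_privileges = sql_select("SELECT `Privileges`.`name` FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($id));
$old_privilege_names = array();
foreach ($old_privileges as $old_priv)
    $old_privilege_names[] = $old_priv['name'];
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
// … unchanged: privilege insert loop filling $privilege_names …
engelsystem_log("Group privileges of group " . $room['Name'] . " changed from: " . join(", ", $old_privilege_names) . " to: " . join(", ", $privilege_names));
```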
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 5ac62d2d..9a31d5cd 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -1,279 +1,281 @@
<?php
function admin_import() {
- global $PentabarfXMLhost, $PentabarfXMLpath;
- global $rooms_import;
- global $user;
- $html = "";
-
- $step = "input";
- if (isset ($_REQUEST['step']))
- $step = $_REQUEST['step'];
-
- $html .= '<p>';
- $html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
- $html .= ' &raquo; ';
- $html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
- $html .= ' &raquo; ';
- $html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
- $html .= '</p>';
-
- $import_file = '../import/import_' . $user['UID'] . '.xml';
-
- switch ($step) {
- case "input" :
- $ok = false;
- if ($test_handle = fopen('../import/tmp', 'w')) {
- fclose($test_handle);
- unlink('../import/tmp');
- } else {
- $msg = error("Webserver has no write-permission on import directory.", true);
- }
-
- if (isset ($_REQUEST['submit'])) {
- $ok = true;
- if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
- $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
-
- if (!$fp) {
- $ok = false;
- $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
- } else {
- $fileOut = fopen($import_file, "w");
- $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
- 'Host: ' . $PentabarfXMLhost . "\r\n" .
- 'User-Agent: Engelsystem' . "\r\n" .
- 'Authorization: Basic ' .
- base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
- "\r\n";
- fputs($fp, $head);
- $Zeilen = -1;
- echo "<pre>";
- while (!feof($fp)) {
- $Temp = fgets($fp, 1024);
-
- // show header
- if ($Zeilen == -1) {
- echo $Temp;
- }
-
- // ende des headers
- if ($Temp == "\r\n") {
- echo "</pre>\n";
- $Zeilen = 0;
- $Temp = "";
- }
-
- //file ende?
- if ($Temp == "0\r\n")
- break;
-
- if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
- //steuerzeichen ausfiltern
- if (strpos("#$Temp", "\r\n") > 0)
- $Temp = substr($Temp, 0, strlen($Temp) - 2);
- if (strpos("#$Temp", "1005") > 0)
- $Temp = "";
- if (strpos("#$Temp", "783") > 0)
- $Temp = "";
- //schreiben in file
- fputs($fileOut, $Temp);
- $Zeilen++;
- }
- }
- fclose($fileOut);
- fclose($fp);
- $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
- }
- }
- elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
- if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
- libxml_use_internal_errors(true);
- if (simplexml_load_file($import_file) === false) {
- $ok = false;
- $msg = error("No valid xml/xcal file provided.", true);
- unlink($import_file);
- }
- } else {
- $ok = false;
- $msg = error("File upload went wrong.", true);
- }
- } else {
- $ok = false;
- $msg = error("Please provide some data.", true);
- }
- }
-
- if ($ok)
- header("Location: " . page_link_to('admin_import') . "&step=check");
- else
- $html .= template_render('../templates/admin_import_input.html', array (
- 'link' => page_link_to('admin_import'),
- 'msg' => $msg,
- 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
- ));
- break;
-
- case "check" :
- if (!file_exists($import_file))
- header("Location: " . page_link_to('admin_import'));
-
- list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
- list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
-
- $html .= template_render('../templates/admin_import_check.html', array (
- 'link' => page_link_to('admin_import'),
- 'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
- 'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
- 'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
- 'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
- 'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
- ));
- break;
-
- case "import" :
- if (!file_exists($import_file))
- header("Location: " . page_link_to('admin_import'));
-
- list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
- foreach ($rooms_new as $room) {
- sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
- $rooms_import[trim($room)] = sql_id();
- }
- foreach ($rooms_deleted as $room)
- sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
-
- list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
- foreach ($events_new as $event)
- sql_query("INSERT INTO `Shifts` SET `name`='" .
- sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
-
- foreach ($events_updated as $event)
- sql_query("UPDATE `Shifts` SET `name`='" .
- sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
-
- foreach ($events_deleted as $event)
- sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
- sql_escape($event['PSID']) . " LIMIT 1");
-
- unlink($import_file);
-
- $html .= template_render('../templates/admin_import_import.html', array ());
- break;
- }
-
- return $html;
+ global $PentabarfXMLhost, $PentabarfXMLpath;
+ global $rooms_import;
+ global $user;
+ $html = "";
+
+ $step = "input";
+ if (isset ($_REQUEST['step']))
+ $step = $_REQUEST['step'];
+
+ $html .= '<p>';
+ $html .= $step == "input" ? '<b>1. Input</b>' : '1. Input';
+ $html .= ' &raquo; ';
+ $html .= $step == "check" ? '<b>2. Validate</b>' : '2. Validate';
+ $html .= ' &raquo; ';
+ $html .= $step == "import" ? '<b>3. Import</b>' : '3. Import';
+ $html .= '</p>';
+
+ $import_file = '../import/import_' . $user['UID'] . '.xml';
+
+ switch ($step) {
+ case "input" :
+ $ok = false;
+ if ($test_handle = fopen('../import/tmp', 'w')) {
+ fclose($test_handle);
+ unlink('../import/tmp');
+ } else {
+ $msg = error("Webserver has no write-permission on import directory.", true);
+ }
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+ if (isset ($_REQUEST['user']) && $_REQUEST['user'] != "" && isset ($_REQUEST['password']) && $_REQUEST['password'] != "") {
+ $fp = fsockopen("ssl://$PentabarfXMLhost", 443, $errno, $errstr, 5);
+
+ if (!$fp) {
+ $ok = false;
+ $msg = error("File 'https://$PentabarfXMLhost/$PentabarfXMLpath" . $_REQUEST["url"] . "' not readable!" . "[$errstr ($errno)]", true);
+ } else {
+ $fileOut = fopen($import_file, "w");
+ $head = 'GET /' . $PentabarfXMLpath . $_REQUEST["url"] . ' HTTP/1.1' . "\r\n" .
+ 'Host: ' . $PentabarfXMLhost . "\r\n" .
+ 'User-Agent: Engelsystem' . "\r\n" .
+ 'Authorization: Basic ' .
+ base64_encode($_REQUEST["user"] . ':' . $_REQUEST["password"]) . "\r\n" .
+ "\r\n";
+ fputs($fp, $head);
+ $Zeilen = -1;
+ echo "<pre>";
+ while (!feof($fp)) {
+ $Temp = fgets($fp, 1024);
+
+ // show header
+ if ($Zeilen == -1) {
+ echo $Temp;
+ }
+
+ // ende des headers
+ if ($Temp == "\r\n") {
+ echo "</pre>\n";
+ $Zeilen = 0;
+ $Temp = "";
+ }
+
+ //file ende?
+ if ($Temp == "0\r\n")
+ break;
+
+ if (($Zeilen > -1) && ($Temp != "ffb\r\n")) {
+ //steuerzeichen ausfiltern
+ if (strpos("#$Temp", "\r\n") > 0)
+ $Temp = substr($Temp, 0, strlen($Temp) - 2);
+ if (strpos("#$Temp", "1005") > 0)
+ $Temp = "";
+ if (strpos("#$Temp", "783") > 0)
+ $Temp = "";
+ //schreiben in file
+ fputs($fileOut, $Temp);
+ $Zeilen++;
+ }
+ }
+ fclose($fileOut);
+ fclose($fp);
+ $msg .= success("Es wurden $Zeilen Zeilen eingelesen.", true);
+ }
+ }
+ elseif (isset ($_FILES['xcal_file']) && ($_FILES['xcal_file']['error'] == 0)) {
+ if (move_uploaded_file($_FILES['xcal_file']['tmp_name'], $import_file)) {
+ libxml_use_internal_errors(true);
+ if (simplexml_load_file($import_file) === false) {
+ $ok = false;
+ $msg = error("No valid xml/xcal file provided.", true);
+ unlink($import_file);
+ }
+ } else {
+ $ok = false;
+ $msg = error("File upload went wrong.", true);
+ }
+ } else {
+ $ok = false;
+ $msg = error("Please provide some data.", true);
+ }
+ }
+
+ if ($ok)
+ header("Location: " . page_link_to('admin_import') . "&step=check");
+ else
+ $html .= template_render('../templates/admin_import_input.html', array (
+ 'link' => page_link_to('admin_import'),
+ 'msg' => $msg,
+ 'url' => "https://$PentabarfXMLhost/$PentabarfXMLpath"
+ ));
+ break;
+
+ case "check" :
+ if (!file_exists($import_file))
+ header("Location: " . page_link_to('admin_import'));
+
+ list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
+ list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
+
+ $html .= template_render('../templates/admin_import_check.html', array (
+ 'link' => page_link_to('admin_import'),
+ 'rooms_new' => count($rooms_new) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_new),
+ 'rooms_deleted' => count($rooms_deleted) == 0 ? "<tr><td>None</td></tr>" : table_body($rooms_deleted),
+ 'events_new' => count($events_new) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_new)),
+ 'events_updated' => count($events_updated) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_updated)),
+ 'events_deleted' => count($events_deleted) == 0 ? "<tr><td>None</td><td></td><td></td><td></td><td></td></tr>" : table_body(shifts_printable($events_deleted))
+ ));
+ break;
+
+ case "import" :
+ if (!file_exists($import_file))
+ header("Location: " . page_link_to('admin_import'));
+
+ list ($rooms_new, $rooms_deleted) = prepare_rooms($import_file);
+ foreach ($rooms_new as $room) {
+ sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($room) . "', `FromPentabarf`='Y', `Show`='Y'");
+ $rooms_import[trim($room)] = sql_id();
+ }
+ foreach ($rooms_deleted as $room)
+ sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
+
+ list ($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
+ foreach ($events_new as $event)
+ sql_query("INSERT INTO `Shifts` SET `name`='" .
+ sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
+
+ foreach ($events_updated as $event)
+ sql_query("UPDATE `Shifts` SET `name`='" .
+ sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
+
+ foreach ($events_deleted as $event)
+ sql_query("DELETE FROM `Shifts` WHERE `PSID`=" .
+ sql_escape($event['PSID']) . " LIMIT 1");
+
+ engelsystem_log("Pentabarf import done");
+
+ unlink($import_file);
+
+ $html .= template_render('../templates/admin_import_import.html', array ());
+ break;
+ }
+
+ return $html;
}
function prepare_rooms($file) {
- global $rooms_import;
- $data = read_xml($file);
-
- // Load rooms from db for compare with input
- $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
- $rooms_db = array ();
- $rooms_import = array ();
- foreach ($rooms as $room) {
- $rooms_db[] = $room['Name'];
- $rooms_import[$room['Name']] = $room['RID'];
- }
-
- $events = $data->vcalendar->vevent;
- $rooms_pb = array ();
- foreach ($events as $event) {
- $rooms_pb[] = $event->location;
- if (!isset ($rooms_import[trim($event->location)]))
- $rooms_import[trim($event->location)] = trim($event->location);
- }
- $rooms_pb = array_unique($rooms_pb);
-
- $rooms_new = array_diff($rooms_pb, $rooms_db);
- $rooms_deleted = array_diff($rooms_db, $rooms_pb);
-
- return array (
- $rooms_new,
- $rooms_deleted
- );
+ global $rooms_import;
+ $data = read_xml($file);
+
+ // Load rooms from db for compare with input
+ $rooms = sql_select("SELECT * FROM `Room` WHERE `FromPentabarf`='Y'");
+ $rooms_db = array ();
+ $rooms_import = array ();
+ foreach ($rooms as $room) {
+ $rooms_db[] = $room['Name'];
+ $rooms_import[$room['Name']] = $room['RID'];
+ }
+
+ $events = $data->vcalendar->vevent;
+ $rooms_pb = array ();
+ foreach ($events as $event) {
+ $rooms_pb[] = $event->location;
+ if (!isset ($rooms_import[trim($event->location)]))
+ $rooms_import[trim($event->location)] = trim($event->location);
+ }
+ $rooms_pb = array_unique($rooms_pb);
+
+ $rooms_new = array_diff($rooms_pb, $rooms_db);
+ $rooms_deleted = array_diff($rooms_db, $rooms_pb);
+
+ return array (
+ $rooms_new,
+ $rooms_deleted
+ );
}
function prepare_events($file) {
- global $rooms_import;
- $data = read_xml($file);
-
- $rooms = sql_select("SELECT * FROM `Room`");
- $rooms_db = array ();
- foreach ($rooms as $room)
- $rooms_db[$room['Name']] = $room['RID'];
-
- $events = $data->vcalendar->vevent;
- $shifts_pb = array ();
- foreach ($events as $event) {
- $event_pb = $event->children("http://pentabarf.org");
- $event_id = trim($event_pb-> {
- 'event-id' });
- $shifts_pb[$event_id] = array (
- 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
- 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
- 'RID' => $rooms_import[trim($event->location)],
- 'name' => trim($event->summary),
- 'URL' => trim($event->url),
- 'PSID' => $event_id
- );
- }
-
- $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
- $shifts_db = array ();
- foreach ($shifts as $shift)
- $shifts_db[$shift['PSID']] = $shift;
-
- $shifts_new = array ();
- $shifts_updated = array ();
- foreach ($shifts_pb as $shift)
- if (!isset ($shifts_db[$shift['PSID']]))
- $shifts_new[] = $shift;
- else {
- $tmp = $shifts_db[$shift['PSID']];
- if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
- $shifts_updated[] = $shift;
- }
-
- $shifts_deleted = array ();
- foreach ($shifts_db as $shift)
- if (!isset ($shifts_pb[$shift['PSID']]))
- $shifts_deleted[] = $shift;
-
- return array (
- $shifts_new,
- $shifts_updated,
- $shifts_deleted
- );
+ global $rooms_import;
+ $data = read_xml($file);
+
+ $rooms = sql_select("SELECT * FROM `Room`");
+ $rooms_db = array ();
+ foreach ($rooms as $room)
+ $rooms_db[$room['Name']] = $room['RID'];
+
+ $events = $data->vcalendar->vevent;
+ $shifts_pb = array ();
+ foreach ($events as $event) {
+ $event_pb = $event->children("http://pentabarf.org");
+ $event_id = trim($event_pb-> {
+ 'event-id' });
+ $shifts_pb[$event_id] = array (
+ 'start' => DateTime :: createFromFormat("Ymd\THis", $event->dtstart)->getTimestamp(),
+ 'end' => DateTime :: createFromFormat("Ymd\THis", $event->dtend)->getTimestamp(),
+ 'RID' => $rooms_import[trim($event->location)],
+ 'name' => trim($event->summary),
+ 'URL' => trim($event->url),
+ 'PSID' => $event_id
+ );
+ }
+
+ $shifts = sql_select("SELECT * FROM `Shifts` WHERE `PSID` IS NOT NULL ORDER BY `start`");
+ $shifts_db = array ();
+ foreach ($shifts as $shift)
+ $shifts_db[$shift['PSID']] = $shift;
+
+ $shifts_new = array ();
+ $shifts_updated = array ();
+ foreach ($shifts_pb as $shift)
+ if (!isset ($shifts_db[$shift['PSID']]))
+ $shifts_new[] = $shift;
+ else {
+ $tmp = $shifts_db[$shift['PSID']];
+ if ($shift['name'] != $tmp['name'] || $shift['start'] != $tmp['start'] || $shift['end'] != $tmp['end'] || $shift['RID'] != $tmp['RID'] || $shift['URL'] != $tmp['URL'])
+ $shifts_updated[] = $shift;
+ }
+
+ $shifts_deleted = array ();
+ foreach ($shifts_db as $shift)
+ if (!isset ($shifts_pb[$shift['PSID']]))
+ $shifts_deleted[] = $shift;
+
+ return array (
+ $shifts_new,
+ $shifts_updated,
+ $shifts_deleted
+ );
}
function read_xml($file) {
- global $xml_import;
- if (!isset ($xml_import))
- $xml_import = simplexml_load_file($file);
- return $xml_import;
+ global $xml_import;
+ if (!isset ($xml_import))
+ $xml_import = simplexml_load_file($file);
+ return $xml_import;
}
function shifts_printable($shifts) {
- global $rooms_import;
- $rooms = array_flip($rooms_import);
-
- uasort($shifts, 'shift_sort');
-
- $shifts_printable = array ();
- foreach ($shifts as $shift)
- $shifts_printable[] = array (
- 'day' => date("l, Y-m-d", $shift['start']),
- 'start' => date("H:i", $shift['start']),
- 'name' => shorten($shift['name']),
- 'end' => date("H:i", $shift['end']),
- 'room' => $rooms[$shift['RID']]
- );
- return $shifts_printable;
+ global $rooms_import;
+ $rooms = array_flip($rooms_import);
+
+ uasort($shifts, 'shift_sort');
+
+ $shifts_printable = array ();
+ foreach ($shifts as $shift)
+ $shifts_printable[] = array (
+ 'day' => date("l, Y-m-d", $shift['start']),
+ 'start' => date("H:i", $shift['start']),
+ 'name' => shorten($shift['name']),
+ 'end' => date("H:i", $shift['end']),
+ 'room' => $rooms[$shift['RID']]
+ );
+ return $shifts_printable;
}
function shift_sort($a, $b) {
- return ($a['start'] < $b['start']) ? -1 : 1;
+ return ($a['start'] < $b['start']) ? -1 : 1;
}
?>
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index ca1f81fc..f6c06001 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -1,87 +1,89 @@
<?php
function admin_news() {
- global $user;
-
- if (!isset ($_GET["action"])) {
- header("Location: " . page_link_to("news"));
- } else {
- $html = "";
- switch ($_GET["action"]) {
- case 'edit' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing News ID.", true);
+ global $user;
- $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($news) > 0) {
- list ($news) = $news;
+ if (!isset ($_GET["action"])) {
+ header("Location: " . page_link_to("news"));
+ } else {
+ $html = "";
+ switch ($_GET["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
- $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
+ $html .= '<a href="' . page_link_to("news") . '">&laquo Back</a>';
- $html .= "<table>\n";
- $html .= " <tr><td>Datum</td><td>" .
- date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
- $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
- $news["Betreff"] . "\"></td></tr>\n";
- $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
- $news["Text"] . "</textarea></td></tr>\n";
- $html .= " <tr><td>Engel</td><td>" .
- UID2Nick($news["UID"]) . "</td></tr>\n";
- $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
- '1' => "Ja",
- '0' => "Nein"
- ), $news['Treffen']) . "</td></tr>\n";
- $html .= "</table>";
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n";
- $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
- $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
- $html .= "</form>";
+ $html .= "<table>\n";
+ $html .= " <tr><td>Datum</td><td>" .
+ date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n";
+ $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" .
+ $news["Betreff"] . "\"></td></tr>\n";
+ $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" .
+ $news["Text"] . "</textarea></td></tr>\n";
+ $html .= " <tr><td>Engel</td><td>" .
+ UID2Nick($news["UID"]) . "</td></tr>\n";
+ $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', 'eTreffen', array (
+ '1' => "Ja",
+ '0' => "Nein"
+ ), $news['Treffen']) . "</td></tr>\n";
+ $html .= "</table>";
- $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
- $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
- $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
- $html .= "</form>";
- } else
- return error("No News found.", true);
- break;
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n";
+ $html .= "</form>";
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing News ID.", true);
+ $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n";
+ $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n";
+ $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n";
+ $html .= "</form>";
+ } else
+ return error("No News found.", true);
+ break;
- $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($news) > 0) {
- list ($news) = $news;
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
- "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
- header("Location: " . page_link_to("news"));
- } else
- return error("No News found.", true);
- break;
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing News ID.", true);
+ sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) .
+ "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1");
+ engelsystem_log("News updated: " . $_POST["eBetreff"]);
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.", true);
+ break;
- $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- if (count($news) > 0) {
- list ($news) = $news;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing News ID.", true);
- sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("news"));
- } else
- return error("No News found.", true);
- break;
- }
- }
- return $html;
+ $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($news) > 0) {
+ list ($news) = $news;
+
+ sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("News deleted: " . $news['Betreff']);
+ header("Location: " . page_link_to("news"));
+ } else
+ return error("No News found.", true);
+ break;
+ }
+ }
+ return $html;
}
?> \ No newline at end of file
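Review bot: In the `edit` case the stored subject and body are concatenated into the form unescaped (`value=\"" . $news["Betreff"] . "\"` and the `<textarea>` holding `$news["Text"]`), so markup saved through `save` is rendered as HTML for the next admin who opens the entry. Encode at output, e.g. `htmlspecialchars($news["Betreff"], ENT_QUOTES, 'UTF-8')`, and do the same for `$news["Text"]`. The `save` case also reads `$_POST["eBetreff"]`, `$_POST["eText"]` and `$_POST["eTreffen"]` without an `isset` check, so the new `engelsystem_log("News updated: " . $_POST["eBetreff"])` line can record an empty subject; reject the request when those fields are missing.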
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index df5e9196..a85c8c0f 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -1,85 +1,87 @@
<?php
function admin_new_questions() {
- global $user, $privileges;
+ global $user, $privileges;
- if (in_array("admin_questions", $privileges)) {
- $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
+ if (in_array("admin_questions", $privileges)) {
+ $new_messages = sql_num_query("SELECT * FROM `Questions` WHERE `AID`=0");
- if ($new_messages > 0)
- return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
- }
+ if ($new_messages > 0)
+ return '<p class="info"><a href="' . page_link_to("admin_questions") . '">Es gibt unbeantwortete Fragen!</a></p><hr />';
+ }
- return "";
+ return "";
}
function admin_questions() {
- global $user;
+ global $user;
- if (!isset ($_REQUEST['action'])) {
- $open_questions = "";
- $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
- foreach ($questions as $question)
- $open_questions .= template_render(
- '../templates/admin_question_unanswered.html', array (
- 'question_nick' => UID2Nick($question['UID']),
- 'question_id' => $question['QID'],
- 'link' => page_link_to("admin_questions"),
- 'question' => str_replace("\n", '<br />', $question['Question'])
- ));
+ if (!isset ($_REQUEST['action'])) {
+ $open_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`=0");
+ foreach ($questions as $question)
+ $open_questions .= template_render(
+ '../templates/admin_question_unanswered.html', array (
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question_id' => $question['QID'],
+ 'link' => page_link_to("admin_questions"),
+ 'question' => str_replace("\n", '<br />', $question['Question'])
+ ));
- $answered_questions = "";
- $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
+ $answered_questions = "";
+ $questions = sql_select("SELECT * FROM `Questions` WHERE `AID`>0");
- foreach ($questions as $question)
- $answered_questions .= template_render(
- '../templates/admin_question_answered.html', array (
- 'question_id' => $question['QID'],
- 'question_nick' => UID2Nick($question['UID']),
- 'question' => str_replace("\n", "<br />", $question['Question']),
- 'answer_nick' => UID2Nick($question['AID']),
- 'answer' => str_replace("\n", "<br />", $question['Answer']),
- 'link' => page_link_to("admin_questions"),
- ));
+ foreach ($questions as $question)
+ $answered_questions .= template_render(
+ '../templates/admin_question_answered.html', array (
+ 'question_id' => $question['QID'],
+ 'question_nick' => UID2Nick($question['UID']),
+ 'question' => str_replace("\n", "<br />", $question['Question']),
+ 'answer_nick' => UID2Nick($question['AID']),
+ 'answer' => str_replace("\n", "<br />", $question['Answer']),
+ 'link' => page_link_to("admin_questions"),
+ ));
- return template_render('../templates/admin_questions.html', array (
- 'link' => page_link_to("admin_questions"),
- 'open_questions' => $open_questions,
- 'answered_questions' => $answered_questions
- ));
- } else {
- switch ($_REQUEST['action']) {
- case 'answer' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Question ID.", true);
+ return template_render('../templates/admin_questions.html', array (
+ 'link' => page_link_to("admin_questions"),
+ 'open_questions' => $open_questions,
+ 'answered_questions' => $answered_questions
+ ));
+ } else {
+ switch ($_REQUEST['action']) {
+ case 'answer' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.", true);
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- if (count($question) > 0 && $question[0]['AID'] == "0") {
- $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0 && $question[0]['AID'] == "0") {
+ $answer = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['answer'])));
- if ($answer != "") {
- sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_questions"));
- } else
- return error("Gib eine Antwort ein!", true);
- } else
- return error("No question found.", true);
- break;
- case 'delete' :
- if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Question ID.", true);
+ if ($answer != "") {
+ sql_query("UPDATE `Questions` SET `AID`=" . sql_escape($user['UID']) . ", `Answer`='" . sql_escape($answer) . "' WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Question " . $question[0]['Question'] . " answered: " . $answer);
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("Gib eine Antwort ein!", true);
+ } else
+ return error("No question found.", true);
+ break;
+ case 'delete' :
+ if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Question ID.", true);
- $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- if (count($question) > 0) {
- sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
- header("Location: " . page_link_to("admin_questions"));
- } else
- return error("No question found.", true);
- break;
- }
- }
+ $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($question) > 0) {
+ sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+ engelsystem_log("Question deleted: " . $question[0]['Question']);
+ header("Location: " . page_link_to("admin_questions"));
+ } else
+ return error("No question found.", true);
+ break;
+ }
+ }
}
?>
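Review bot: The `answer` and `delete` cases of `admin_questions()` take both `action` and `id` from `$_REQUEST`, so a plain GET link is enough to delete a question, and no anti-forgery token is checked anywhere in this hunk. Require POST for state changes, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') return error("Invalid request.", true);` at the top of the `else` branch, and verify a per-session token if the project has one (none is visible here). The `save` and `delete` cases in admin_news.php have the same shape. Separately, the function returns nothing after `header("Location: ...")`; the admin_rooms.php hunks in this commit use `redirect()`, which would be the consistent choice.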
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 160316c6..b92ea6a8 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -77,17 +77,26 @@ function admin_rooms() {
}
if ($ok) {
- if(isset($id))
+ if(isset($id)) {
sql_query("UPDATE `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "' WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
- else {
+ engelsystem_log("Room updated: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
+ } else {
sql_query("INSERT INTO `Room` SET `Name`='" . sql_escape($name) . "', `FromPentabarf`='" . sql_escape($from_pentabarf) . "', `show`='" . sql_escape($public) . "', `Number`='" . sql_escape($number) . "'");
$id = sql_id();
+ engelsystem_log("Room created: " . $name . ", pentabarf import: " . $from_pentabarf . ", public: " . $public . ", number: " . $number);
}
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id));
- foreach ($angeltypes_count as $angeltype_id => $angeltype_count)
- sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
+ $needed_angeltype_info = array();
+ foreach ($angeltypes_count as $angeltype_id => $angeltype_count) {
+ $angeltype_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($angeltype_id) . " LIMIT 1");
+ if(count($angeltype_source) > 0) {
+ sql_query("INSERT INTO `NeededAngelTypes` SET `room_id`=" . sql_escape($id) . ", `angel_type_id`=" . sql_escape($angeltype_id) . ", `count`=" . sql_escape($angeltype_count));
+ $needed_angeltype_info[] = $angeltypes_source[0]['name'] . ": " . $angeltype_count;
+ }
+ }
+ engelsystem_log("Set needed angeltypes of room " . $name . " to: " . join(", ", $needed_angeltype_info));
success("Room saved.");
redirect(page_link_to("admin_rooms"));
}
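Review bot: The line that builds the log text reads `$angeltypes_source[0]['name']`, but the variable assigned two lines earlier is `$angeltype_source`, so every entry in the "Set needed angeltypes of room" message gets an empty name and PHP raises an undefined-variable notice. It should be `$needed_angeltype_info[] = $angeltype_source[0]['name'] . ": " . $angeltype_count;`. The loop also issues one `SELECT` per angel type only to fetch a name for the log, which a single query before the loop would avoid. `admin_rooms()` starts and ends outside this hunk.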
@@ -116,6 +125,8 @@ function admin_rooms() {
if (isset ($_REQUEST['ack'])) {
sql_query("DELETE FROM `Room` WHERE `RID`=" . sql_escape($id) . " LIMIT 1");
sql_query("DELETE FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($id) . " LIMIT 1");
+
+ engelsystem_log("Room deleted: " . $name);
success(sprintf("Room %s deleted.", $name));
redirect(page_link_to('admin_rooms'));
}
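Review bot: The second `sql_query` in this hunk deletes from `NeededAngelTypes` with a trailing `LIMIT 1`, while the save path in the previous hunk inserts one `NeededAngelTypes` row per angel type, so deleting a room leaves the remaining rows orphaned. Drop the ` LIMIT 1` from that statement so it matches the unbounded delete on `room_id` used in the save path. As written, the new `engelsystem_log("Room deleted: " . $name)` entry records a deletion that was only partly carried out. The enclosing block continues outside the hunk.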
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 303c580c..f35fa312 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -233,11 +233,18 @@ function admin_shifts() {
foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
$shift_id = sql_id();
+ engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
+ $needed_angel_types_info = array();
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
- sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
+ $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1");
+ if(count($angel_type_source) > 0) {
+ sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count));
+ $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count;
+ }
}
}
+ engelsystem_log("Shift needs following angel types: " . join(", ", $needed_angel_types_info));
$msg = success("Schichten angelegt.", true);
} else {
unset ($_SESSION['admin_shifts_shifts']);
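Review bot: `$needed_angel_types_info` is reset inside the `foreach` over `$_SESSION['admin_shifts_shifts']`, but the `engelsystem_log("Shift needs following angel types: " ...)` call sits after that loop, so it reports only the last shift's list and does not say which shift it belongs to. If the shift list were ever empty, the variable would not be set at all and `join()` would receive an undefined value. Move the call inside the outer loop, directly after the inner `foreach`, and name the shift: `engelsystem_log("Shift " . $shift['name'] . " needs following angel types: " . join(", ", $needed_angel_types_info));`. The `AngelTypes` lookup is also repeated for every shift although the type list comes from the same session array each time. `admin_shifts()` starts and ends outside the hunk.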
diff --git a/includes/pages/admin_user_angeltypes.php b/includes/pages/admin_user_angeltypes.php
index b22178e0..38c4d9c8 100644
--- a/includes/pages/admin_user_angeltypes.php
+++ b/includes/pages/admin_user_angeltypes.php
@@ -8,16 +8,24 @@ function admin_user_angeltypes() {
global $privileges;
if (isset ($_REQUEST['confirm']) && test_request_int('confirm') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " AND `confirm_user_id` IS NULL") > 0) {
- sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
-
- success("Confirmed.");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
+ if(count($user_angel_type_source) > 0) {
+ sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($_SESSION['uid']) . " WHERE `id`=" . sql_escape($_REQUEST['confirm']) . " LIMIT 1");
+ engelsystem_log("Confirmed " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
+ success("Confirmed.");
+ }
+ else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}
if (isset ($_REQUEST['discard']) && test_request_int('discard') && sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " AND `confirm_user_id` IS NULL") > 0) {
- sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
-
- success("Discarded.");
+ $user_angel_type_source = sql_select("SELECT `UserAngelTypes`.*, `User`.`Nick`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `User` ON `User`.`UID`=`UserAngelTypes`.`user_id` JOIN `AngelTypes` ON `AngelTypes`.`id`=`UserAngelTypes`.`angeltype_id` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
+ if(count($user_angel_type_source) > 0) {
+ sql_query("DELETE FROM `UserAngelTypes` WHERE `id`=" . sql_escape($_REQUEST['discard']) . " LIMIT 1");
+ engelsystem_log("Discarded " . $user_angel_type_source[0]['Nick'] . " as " . $user_angel_type_source[0]['name']);
+ success("Discarded.");
+ }
+ else error("Entry not found.");
redirect(page_link_to('admin_user_angeltypes'));
}
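Review bot: Both new `SELECT` statements join `UserAngelTypes` with `AngelTypes` and then filter on an unqualified `id` in the `WHERE` clause, a column both tables have (the join condition itself references the `id` of `AngelTypes`), so MySQL should reject the query as ambiguous. Qualify the column with the `UserAngelTypes` table name in both the `confirm` and the `discard` branch. Depending on how `sql_select` reports a failed query (not visible here), the code would otherwise always fall through to `error("Entry not found.")` and never confirm or discard anything. `admin_user_angeltypes()` continues outside the hunk.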
diff --git a/includes/sys_log.php b/includes/sys_log.php
new file mode 100644
index 00000000..65c0aa41
--- /dev/null
+++ b/includes/sys_log.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * Write a log entry. This should be used to log user's activity.
+ * @param $message
+ */
+function engelsystem_log($message) {
+ global $user;
+
+ if(isset($user)) {
+ $nick = $user['Nick'];
+ } else {
+ $nick = "Guest";
+ }
+
+ LogEntry_create($nick, $message);
+}
+
+?> \ No newline at end of file
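Review bot: `engelsystem_log()` forwards `$message` unchanged, and the callers added in this commit build it from request and database text (news subject, question and answer, room name), so the log table becomes a store of user-controlled strings. The docblock should say so, e.g. `@param string $message Plain text, may contain user-supplied data; escape on output`, and the function could strip control characters before storing so an entry cannot fake line breaks in an exported log. `isset($user)` is also true for an empty array, in which case `$user['Nick']` is undefined; `isset($user['Nick'])` is the safer test. `LogEntry_create()` is not defined in this file and the index.php hunk adds only `sys_log.php`, so confirm that the file defining it is loaded before the first call.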
diff --git a/public/index.php b/public/index.php
index 45555a2b..1773b54b 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,6 +3,7 @@ require_once ('bootstrap.php');
require_once ('includes/sys_auth.php');
require_once ('includes/sys_counter.php');
require_once ('includes/sys_lang.php');
+require_once ('includes/sys_log.php');
require_once ('includes/sys_menu.php');
require_once ('includes/sys_mysql.php');
require_once ('includes/sys_page.php');