summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/model/Shifts_model.php20
-rw-r--r--includes/mysqli_provider.php43
-rw-r--r--includes/pages/admin_import.php10
-rw-r--r--includes/pages/admin_shifts.php10
-rw-r--r--public/index.php8
5 files changed, 63 insertions, 28 deletions
diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php
index c66cfb83..a9a9244e 100644
--- a/includes/model/Shifts_model.php
+++ b/includes/model/Shifts_model.php
@@ -1,5 +1,25 @@
<?php
+/**
+ * Create a new shift.
+ * @return new shift id or false
+ */
+function Shift_create($shift) {
+ $result = sql_query("INSERT INTO `Shifts` SET
+ `start`=" . sql_escape($shift['start']) . ",
+ `end`=" . sql_escape($shift['end']) . ",
+ `RID`=" . sql_escape($shift['RID']) . ",
+ `name`=" . sql_null($shift['name']) . ",
+ `URL`=" . sql_null($shift['URL']) . ",
+ `PSID`=" . sql_null($shift['PSID']));
+ if ($result === false)
+ return false;
+ return sql_id();
+}
+
+/**
+ * Return users shifts.
+ */
function Shifts_by_user($user) {
return sql_select("
SELECT *
diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php
index 9f901a40..9f4f1396 100644
--- a/includes/mysqli_provider.php
+++ b/includes/mysqli_provider.php
@@ -5,16 +5,23 @@
*/
function sql_close() {
global $sql_connection;
-
+
return $sql_connection->close();
}
/**
+ * Return NULL if given value is null.
+ */
+function sql_null($value = null) {
+ return $value == null ? 'NULL' : ("'" . sql_escape($value) . "'");
+}
+
+/**
* Start new transaction.
*/
function sql_transaction_start() {
global $sql_nested_transaction_level;
-
+
if ($sql_nested_transaction_level ++ == 0)
return sql_query("BEGIN");
else
@@ -26,7 +33,7 @@ function sql_transaction_start() {
*/
function sql_transaction_commit() {
global $sql_nested_transaction_level;
-
+
if (-- $sql_nested_transaction_level == 0)
return sql_query("COMMIT");
else
@@ -38,7 +45,7 @@ function sql_transaction_commit() {
*/
function sql_transaction_rollback() {
global $sql_nested_transaction_level;
-
+
if (-- $sql_nested_transaction_level == 0)
return sql_query("ROLLBACK");
else
@@ -48,17 +55,17 @@ function sql_transaction_rollback() {
/**
* Logs an sql error.
*
- * @param string $message
+ * @param string $message
* @return false
*/
function sql_error($message) {
sql_close();
-
+
$message = trim($message) . "\n";
$message .= debug_string_backtrace() . "\n";
-
+
error_log('mysql_provider error: ' . $message);
-
+
return false;
}
@@ -77,19 +84,19 @@ function sql_error($message) {
*/
function sql_connect($host, $user, $pass, $db) {
global $sql_connection;
-
+
$sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno)
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
-
+
$result = $sql_connection->query("SET CHARACTER SET utf8;");
if (! $result)
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
-
+
$result = $sql_connection->set_charset('utf8');
if (! $result)
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
-
+
return $sql_connection;
}
@@ -110,12 +117,12 @@ function sql_select_db($db_name) {
/**
* MySQL SELECT query
*
- * @param string $query
+ * @param string $query
* @return Result array or false on error
*/
function sql_select($query) {
global $sql_connection;
-
+
$result = $sql_connection->query($query);
if ($result) {
$data = array();
@@ -129,12 +136,12 @@ function sql_select($query) {
/**
* MySQL execute a query
*
- * @param string $query
+ * @param string $query
* @return mysqli_result boolean resource or false on error
*/
function sql_query($query) {
global $sql_connection;
-
+
$result = $sql_connection->query($query);
if ($result) {
return $result;
@@ -155,7 +162,7 @@ function sql_id() {
/**
* Escape a string for a sql query.
*
- * @param string $query
+ * @param string $query
* @return string
*/
function sql_escape($query) {
@@ -166,7 +173,7 @@ function sql_escape($query) {
/**
* Count query result lines.
*
- * @param string $query
+ * @param string $query
* @return int Count of result lines
*/
function sql_num_query($query) {
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 8362391d..31b73992 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -1,4 +1,5 @@
<?php
+
function admin_import_title() {
return _("Frab import");
}
@@ -116,8 +117,11 @@ function admin_import() {
sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1");
list($events_new, $events_updated, $events_deleted) = prepare_events($import_file);
- foreach ($events_new as $event)
- sql_query("INSERT INTO `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'");
+ foreach ($events_new as $event) {
+ $result = Shift_create($event);
+ if ($result === false)
+ engelsystem_error('Unable to create shift.');
+ }
foreach ($events_updated as $event)
sql_query("UPDATE `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1");
@@ -165,7 +169,7 @@ function prepare_rooms($file) {
return array(
$rooms_new,
- $rooms_deleted
+ $rooms_deleted
);
}
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 473022eb..fd5b9b55 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -1,4 +1,5 @@
<?php
+
function admin_shifts_title() {
return _("Create shifts");
}
@@ -229,14 +230,17 @@ function admin_shifts() {
))
));
}
-
} elseif (isset($_REQUEST['submit'])) {
if (! is_array($_SESSION['admin_shifts_shifts']) || ! is_array($_SESSION['admin_shifts_types']))
redirect(page_link_to('admin_shifts'));
foreach ($_SESSION['admin_shifts_shifts'] as $shift) {
- sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'");
- $shift_id = sql_id();
+ $shift['URL'] = null;
+ $shift['PSID'] = null;
+ $shift_id = Shift_create($shift);
+ if ($shift_id === false)
+ engelsystem_error('Unable to create shift.');
+
engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end']));
$needed_angel_types_info = array();
foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) {
diff --git a/public/index.php b/public/index.php
index 0ba203b0..cd77f9f3 100644
--- a/public/index.php
+++ b/public/index.php
@@ -82,7 +82,7 @@ $free_pages = array(
'api',
'credits',
'angeltypes',
- 'users'
+ 'users'
);
// Gewünschte Seite/Funktion
@@ -91,10 +91,10 @@ if (! isset($_REQUEST['p']))
$_REQUEST['p'] = isset($user) ? "news" : "login";
if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges))) {
$p = $_REQUEST['p'];
-
+
$title = $p;
$content = "";
-
+
if ($p == "api") {
require_once realpath(__DIR__ . '/../includes/controller/api.php');
error("Api disabled temporily.");
@@ -222,7 +222,7 @@ echo template_render('../templates/layout.html', array(
'content' => msg() . $content,
'header_toolbar' => header_toolbar(),
'faq_url' => $faq_url,
- 'locale' => $_SESSION['locale']
+ 'locale' => $_SESSION['locale']
));
counter();