diff options
| -rw-r--r-- | includes/model/Shifts_model.php | 20 | ||||
| -rw-r--r-- | includes/mysqli_provider.php | 43 | ||||
| -rw-r--r-- | includes/pages/admin_import.php | 10 | ||||
| -rw-r--r-- | includes/pages/admin_shifts.php | 10 | ||||
| -rw-r--r-- | public/index.php | 8 |
5 files changed, 63 insertions, 28 deletions
diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index c66cfb83..a9a9244e 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php @@ -1,5 +1,25 @@ <?php +/** + * Create a new shift. + * @return new shift id or false + */ +function Shift_create($shift) { + $result = sql_query("INSERT INTO `Shifts` SET + `start`=" . sql_escape($shift['start']) . ", + `end`=" . sql_escape($shift['end']) . ", + `RID`=" . sql_escape($shift['RID']) . ", + `name`=" . sql_null($shift['name']) . ", + `URL`=" . sql_null($shift['URL']) . ", + `PSID`=" . sql_null($shift['PSID'])); + if ($result === false) + return false; + return sql_id(); +} + +/** + * Return users shifts. + */ function Shifts_by_user($user) { return sql_select(" SELECT * diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php index 9f901a40..9f4f1396 100644 --- a/includes/mysqli_provider.php +++ b/includes/mysqli_provider.php @@ -5,16 +5,23 @@ */ function sql_close() { global $sql_connection; - + return $sql_connection->close(); } /** + * Return NULL if given value is null. + */ +function sql_null($value = null) { + return $value == null ? 'NULL' : ("'" . sql_escape($value) . "'"); +} + +/** * Start new transaction. */ function sql_transaction_start() { global $sql_nested_transaction_level; - + if ($sql_nested_transaction_level ++ == 0) return sql_query("BEGIN"); else @@ -26,7 +33,7 @@ function sql_transaction_start() { */ function sql_transaction_commit() { global $sql_nested_transaction_level; - + if (-- $sql_nested_transaction_level == 0) return sql_query("COMMIT"); else @@ -38,7 +45,7 @@ function sql_transaction_commit() { */ function sql_transaction_rollback() { global $sql_nested_transaction_level; - + if (-- $sql_nested_transaction_level == 0) return sql_query("ROLLBACK"); else @@ -48,17 +55,17 @@ function sql_transaction_rollback() { /** * Logs an sql error. * - * @param string $message + * @param string $message * @return false */ function sql_error($message) { sql_close(); - + $message = trim($message) . "\n"; $message .= debug_string_backtrace() . "\n"; - + error_log('mysql_provider error: ' . $message); - + return false; } @@ -77,19 +84,19 @@ function sql_error($message) { */ function sql_connect($host, $user, $pass, $db) { global $sql_connection; - + $sql_connection = new mysqli($host, $user, $pass, $db); if ($sql_connection->connect_errno) return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error); - + $result = $sql_connection->query("SET CHARACTER SET utf8;"); if (! $result) return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error); - + $result = $sql_connection->set_charset('utf8'); if (! $result) return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error); - + return $sql_connection; } @@ -110,12 +117,12 @@ function sql_select_db($db_name) { /** * MySQL SELECT query * - * @param string $query + * @param string $query * @return Result array or false on error */ function sql_select($query) { global $sql_connection; - + $result = $sql_connection->query($query); if ($result) { $data = array(); @@ -129,12 +136,12 @@ function sql_select($query) { /** * MySQL execute a query * - * @param string $query + * @param string $query * @return mysqli_result boolean resource or false on error */ function sql_query($query) { global $sql_connection; - + $result = $sql_connection->query($query); if ($result) { return $result; @@ -155,7 +162,7 @@ function sql_id() { /** * Escape a string for a sql query. * - * @param string $query + * @param string $query * @return string */ function sql_escape($query) { @@ -166,7 +173,7 @@ function sql_escape($query) { /** * Count query result lines. * - * @param string $query + * @param string $query * @return int Count of result lines */ function sql_num_query($query) { diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 8362391d..31b73992 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -1,4 +1,5 @@ <?php + function admin_import_title() { return _("Frab import"); } @@ -116,8 +117,11 @@ function admin_import() { sql_query("DELETE FROM `Room` WHERE `Name`='" . sql_escape($room) . "' LIMIT 1"); list($events_new, $events_updated, $events_deleted) = prepare_events($import_file); - foreach ($events_new as $event) - sql_query("INSERT INTO `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "'"); + foreach ($events_new as $event) { + $result = Shift_create($event); + if ($result === false) + engelsystem_error('Unable to create shift.'); + } foreach ($events_updated as $event) sql_query("UPDATE `Shifts` SET `name`='" . sql_escape($event['name']) . "', `start`=" . sql_escape($event['start']) . ", `end`=" . sql_escape($event['end']) . ", `RID`=" . sql_escape($event['RID']) . ", `PSID`=" . sql_escape($event['PSID']) . ", `URL`='" . sql_escape($event['URL']) . "' WHERE `PSID`=" . sql_escape($event['PSID']) . " LIMIT 1"); @@ -165,7 +169,7 @@ function prepare_rooms($file) { return array( $rooms_new, - $rooms_deleted + $rooms_deleted ); } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 473022eb..fd5b9b55 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -1,4 +1,5 @@ <?php + function admin_shifts_title() { return _("Create shifts"); } @@ -229,14 +230,17 @@ function admin_shifts() { )) )); } - } elseif (isset($_REQUEST['submit'])) { if (! is_array($_SESSION['admin_shifts_shifts']) || ! is_array($_SESSION['admin_shifts_types'])) redirect(page_link_to('admin_shifts')); foreach ($_SESSION['admin_shifts_shifts'] as $shift) { - sql_query("INSERT INTO `Shifts` SET `start`=" . sql_escape($shift['start']) . ", `end`=" . sql_escape($shift['end']) . ", `RID`=" . sql_escape($shift['RID']) . ", `name`='" . sql_escape($shift['name']) . "'"); - $shift_id = sql_id(); + $shift['URL'] = null; + $shift['PSID'] = null; + $shift_id = Shift_create($shift); + if ($shift_id === false) + engelsystem_error('Unable to create shift.'); + engelsystem_log("Shift created: " . $shift['name'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { diff --git a/public/index.php b/public/index.php index 0ba203b0..cd77f9f3 100644 --- a/public/index.php +++ b/public/index.php @@ -82,7 +82,7 @@ $free_pages = array( 'api', 'credits', 'angeltypes', - 'users' + 'users' ); // Gewünschte Seite/Funktion @@ -91,10 +91,10 @@ if (! isset($_REQUEST['p'])) $_REQUEST['p'] = isset($user) ? "news" : "login"; if (isset($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && (in_array($_REQUEST['p'], $free_pages) || in_array($_REQUEST['p'], $privileges))) { $p = $_REQUEST['p']; - + $title = $p; $content = ""; - + if ($p == "api") { require_once realpath(__DIR__ . '/../includes/controller/api.php'); error("Api disabled temporily."); @@ -222,7 +222,7 @@ echo template_render('../templates/layout.html', array( 'content' => msg() . $content, 'header_toolbar' => header_toolbar(), 'faq_url' => $faq_url, - 'locale' => $_SESSION['locale'] + 'locale' => $_SESSION['locale'] )); counter(); |