Diffstat (limited to 'includes/controller')
-rw-r--r--includes/controller/api.php355
-rw-r--r--includes/controller/user_angeltypes_controller.php2
-rw-r--r--includes/controller/users_controller.php47
3 files changed, 31 insertions, 373 deletions
diff --git a/includes/controller/api.php b/includes/controller/api.php
deleted file mode 100644
index 9ecd3a2f..00000000
--- a/includes/controller/api.php
+++ /dev/null
@@ -1,355 +0,0 @@
-<?php
-
-/************************************************************************************************
- * API Documentation
- ************************************************************************************************
-
-General:
---------
-All API calls output JSON-encoded data. Client parameters should be passed encoded using JSON in HTTP POST data.
-Every API Request must be contained the Api Key (using JSON parameter 'key') and the Command (using JSON parameter 'cmd').
-
-
-Testing API calls (using curl):
--------------------------------
-$ curl -d '{"cmd":"getVersion"}' '<Address>/?p=api'
-$ curl -d '{"cmd":"getApiKey","user":"admin","pw":"admin"}' '<Address>/?p=api'
-$ curl -d '{"key":"<key>","cmd":"getRoom"}' '<Address>/?p=api'
-$ curl -d '{"key":"<key>","cmd":"sendmessage","uid":"23","text":"test message"}' '<Address>/?p=api'
-
-Methods without key:
---------------------
-getVersion
- Description:
- Returns API version.
- Parameters:
- nothing
- Return Example:
- {"status":"success","version": "1"}
-
-getApiKey
- Description:
- Returns API Key version.
- Parameters:
- user (string)
- pw (string)
- Return Example:
- {"status":"success","Key":"1234567890123456789012"}
-
-Methods with Key:
------------------
-getRoom
- Description:
- Returns a list of all Rooms (no id set) or details of a single Room (requested id)
- Parameters:
- id (integer) - Room ID
- Return Example:
- [{"RID":"1"},{"RID":"23"},{"RID":"42"}]
- {"RID":"1","Name":"Room Name","Man":null,"FromPentabarf":"","show":"Y","Number":"0"}
-
-getAngelType
- Description:
- Returns a list of all Angel Types (no id set) or details of a single Angel Type (requested id)
- Parameters:
- id (integer) - Type ID
- Return Example:
- [{"id":"8"},{"id":"9"}]
- {"id":"9","name":"Angeltypes 2","restricted":"0"}
-
-getUser
- Description:
- Returns a list of all Users (no id set) or details of a single User (requested id)
- Parameters:
- id (integer) - User ID
- Return Example:
- [{"UID":"1"},{"UID":"23"},{"UID":"42"}]
- {"UID":"1","Nick":"admin","Name":"Gates","Vorname":"Bill","Telefon":"","DECT":"","Handy":"","email":"","jabber":"","Avatar":"115"}
-
-getShift
- Description:
- Returns a list of all Shifte (no id set, filter is optional) or details of a single Shift (requested id)
- Parameters:
- id (integer) - Shift ID
- filterRoom (Array of integer) - Array of Room IDs (optional, for list request)
- filterTask (Array of integer) - Array if Task (optional, for list request)
- filterOccupancy (integer) - Occupancy state: (optional, for list request)
- 1 occupied
- 2 free
- 3 occupied and free
- Return Example:
- [{"SID":"1"},{"SID":"2"},{"SID":"3"}]
- {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\
- "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}],
- "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]}
-
-getMessage
- Description:
- Returns a list of all Messages (no id set) or details of a single Message (requested id)
- Parameters:
- id (integer) - Message ID
- Return Example:
- [{"id":"1"},{"id":"2"},{"id":"3"}]
- {"id":"3","Datum":"1388247583","SUID":"23","RUID":"42","isRead":"N","Text":"message text"}
-
-sendMessage
- Description:
- send a Message to an other angel
- Parameters:
- uid (integer) - User ID of the reciever
- text (string) - Message Text
- Return Example:
- {"status":"success"}
-
-************************************************************************************************/
-
-/**
- * General API Controller
- */
-function api_controller() {
- global $user, $DataJson;
-
- header("Content-Type: application/json; charset=utf-8");
-
- // decode JSON request
- $input = file_get_contents("php://input");
- $input = json_decode($input, true);
- $_REQUEST = $input;
-
- // get command
- $cmd = '';
- if (isset($_REQUEST['cmd']))
- $cmd = strtolower($_REQUEST['cmd']);
-
- // decode commands, without key
- switch ($cmd) {
- case 'getversion':
- getVersion();
- die(json_encode($DataJson));
- break;
- case 'getapikey':
- getApiKey();
- die(json_encode($DataJson));
- break;
- }
-
- // get API KEY
- if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
- $key = $_REQUEST['key'];
- else
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "key".'
- )));
-
- // check API key
- $user = User_by_api_key($key);
- if ($user === false)
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Unable to find user'
- )));
- if ($user == null)
- die(json_encode(array(
- 'status' => 'failed',
- 'error' => 'Key invalid.'
- )));
-
- // decode command
- switch ($cmd) {
- case 'getroom':
- getRoom();
- break;
- case 'getangeltype':
- getAngelType();
- break;
- case 'getuser':
- // TODO Dataleak! Only coordinators are allowed to see so much user informations.
- //getUser();
- break;
- case 'getshift':
- getShift();
- break;
- case 'getmessage':
- // TODO Dataleak!
- //getMessage();
- break;
- case 'sendmessage':
- sendMessage();
- break;
- default:
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Unknown Command "' . $cmd . '"'
- );
- }
-
- // check
- if ($DataJson === false) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'DataJson === false'
- );
- } elseif ($DataJson == null) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'DataJson == null'
- );
- }
-
- echo json_encode($DataJson);
- die();
-}
-
-/**
- * Get Version of API
- */
-function getVersion() {
- global $DataJson;
-
- $DataJson = array(
- 'status' => 'success',
- 'Version' => 1
- );
-}
-
-/**
- * Get API Key
- */
-function getApiKey() {
- global $DataJson;
-
- if (! isset($_REQUEST['user'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "user".'
- );
- } elseif (! isset($_REQUEST['pw'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "pw".'
- );
- } else {
- $Erg = sql_select("SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'");
-
- if (count($Erg) == 1) {
- $Erg = $Erg[0];
- if (verify_password($_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) {
- $key = $Erg["api_key"];
- $DataJson = array(
- 'status' => 'success',
- 'Key' => $key
- );
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'PW wrong'
- );
- }
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'User not found.'
- );
- }
- }
-
- sleep(1);
-}
-
-/**
- * Get Room
- */
-function getRoom() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Room($_REQUEST['id']);
- } else {
- $DataJson = Room_ids();
- }
-}
-
-/**
- * Get AngelType
- */
-function getAngelType() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = AngelType($_REQUEST['id']);
- } else {
- $DataJson = AngelType_ids();
- }
-}
-
-/**
- * Get User
- */
-function getUser() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = mUser_Limit($_REQUEST['id']);
- } else {
- $DataJson = User_ids();
- }
-}
-
-/**
- * Get Shift
- */
-function getShift() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Shift($_REQUEST['id']);
- } else {
- $DataJson = Shifts_filtered();
- }
-}
-
-/**
- * @TODO: Why are ALL messages of ALL users returned? Data leak. It is not checked if this is my message!
- * Get Message
- */
-function getMessage() {
- global $DataJson;
-
- if (isset($_REQUEST['id'])) {
- $DataJson = Message($_REQUEST['id']);
- } else {
- $DataJson = Message_ids();
- }
-}
-
-/**
- * Send Message
- */
-function sendMessage() {
- global $DataJson;
-
- if (! isset($_REQUEST['uid'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "uid".'
- );
- } elseif (! isset($_REQUEST['text'])) {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Missing parameter "text".'
- );
- } else {
- if (Message_send($_REQUEST['uid'], $_REQUEST['text']) === true) {
- $DataJson = array(
- 'status' => 'success'
- );
- } else {
- $DataJson = array(
- 'status' => 'failed',
- 'error' => 'Transmitting was terminated with an Error.'
- );
- }
- }
-}
-
-?>
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index 66abc589..f76f10ae 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -14,7 +14,7 @@ function user_angeltypes_unconfirmed_hint() {
$unconfirmed_links = [];
foreach ($unconfirmed_user_angeltypes as $user_angeltype)
- $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . '</a>';
+ $unconfirmed_links[] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] . '">' . $user_angeltype['name'] . ' (+' . $user_angeltype['count'] . ')' . '</a>';
return info(sprintf(ngettext("There is %d unconfirmed angeltype.", "There are %d unconfirmed angeltypes.", count($unconfirmed_user_angeltypes)), count($unconfirmed_user_angeltypes)) . " " . _('Angel types which need approvals:') . ' ' . join(', ', $unconfirmed_links), true);
}
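Review bot: The rebuilt link text on the added line writes `$user_angeltype['count']` and, as the old line already did, `$user_angeltype['name']` into the anchor's HTML without escaping; whether a name can carry markup depends on how angeltypes are created, which is not visible here, but this line is the natural place to close that gap rather than carry it forward. Suggest `'">' . htmlspecialchars($user_angeltype['name']) . ' (+' . (int) $user_angeltype['count'] . ')</a>';` — the cast documents that count is expected to be numeric (presumably from the query building `$unconfirmed_user_angeltypes`, not shown) and drops the redundant `')' . '</a>'` concatenation. The enclosing function user_angeltypes_unconfirmed_hint() starts before this hunk.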
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 7810ce77..067fc4aa 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -22,8 +22,8 @@ function users_controller() {
return user_edit_controller();
case 'delete':
return user_delete_controller();
- case 'got_voucher':
- return user_got_voucher_controller();
+ case 'edit_vouchers':
+ return user_edit_vouchers_controller();
}
}
@@ -35,7 +35,7 @@ function user_link($user) {
return page_link_to('users') . '&action=view&user_id=' . $user['UID'];
}
-function user_got_voucher_controller() {
+function user_edit_vouchers_controller() {
global $privileges, $user;
if (isset($_REQUEST['user_id'])) {
@@ -43,24 +43,37 @@ function user_got_voucher_controller() {
} else
$user_source = $user;
- $admin_user_privilege = in_array('admin_user', $privileges);
-
if (! in_array('admin_user', $privileges))
redirect(page_link_to(''));
- if (! isset($_REQUEST['got_voucher']))
- redirect(page_link_to(''));
-
- $user_source['got_voucher'] = $_REQUEST['got_voucher'] == 'true';
-
- $result = User_update($user_source);
- if ($result === false)
- engelsystem_error('Unable to update user.');
-
- success($user_source['got_voucher'] ? _('User got vouchers.') : _('User didnt got vouchers.'));
- engelsystem_log(User_Nick_render($user_source) . ($user_source['got_voucher'] ? ' got vouchers' : ' didnt got vouchers'));
+ if (isset($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0)
+ $vouchers = trim($_REQUEST['vouchers']);
+ else {
+ $ok = false;
+ error(_("Please enter a valid number of vouchers."));
+ }
+
+ if ($ok) {
+ $user_source['got_voucher'] = $vouchers;
+
+ $result = User_update($user_source);
+ if ($result === false)
+ engelsystem_error('Unable to update user.');
+
+ success(_("Saved the number of vouchers."));
+ engelsystem_log(User_Nick_render($user_source) . ': ' . sprintf("Got %s vouchers", $user_source['got_voucher']));
+
+ redirect(user_link($user_source));
+ }
+ }
- redirect(user_link($user_source));
+ return array(
+ sprintf(_("%s's vouchers"), $user_source['Nick']),
+ User_edit_vouchers_view($user_source)
+ );
}
function user_controller() {
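Review bot: `$vouchers = trim($_REQUEST['vouchers']);` keeps the request value as a string even after test_request_int() has accepted it, so `got_voucher` is written as a string and the preceding `trim($_REQUEST['vouchers']) >= 0` is a loose string-to-int comparison; cast once, `$vouchers = (int) trim($_REQUEST['vouchers']);`, and compare that integer, which also lets the log use `sprintf('Got %d vouchers', $user_source['got_voucher'])` instead of `%s`. The `$ok` flag is only set false in the one `else` branch, so an early `return`/`error()` pair or simply nesting the save under the validation branch would read more directly than the flag. The privilege gate on `in_array('admin_user', $privileges)` is a context line here and is relied on to stop the request via redirect(); if redirect() ever returns, unauthenticated submits would reach User_update(), so `in_array('admin_user', $privileges, true)` followed by an explicit `return` is worth considering when this function is next touched. user_edit_vouchers_controller() begins in the previous hunk.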